mod_tls: Only accept <proceed> on outgoing s2s connections
authorKim Alvefur <zash@zash.se>
Mon, 23 Jan 2017 10:45:20 +0100
changeset 7836 94c0c8649826
parent 7835 d02ef0ae94af
child 7837 a2081d28bd22
mod_tls: Only accept <proceed> on outgoing s2s connections
plugins/mod_tls.lua
--- a/plugins/mod_tls.lua	Sun Jan 22 09:55:52 2017 +0100
+++ b/plugins/mod_tls.lua	Mon Jan 23 10:45:20 2017 +0100
@@ -124,9 +124,11 @@
 end, 500);
 
 module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza) -- luacheck: ignore 212/stanza
-	module:log("debug", "Proceeding with TLS on s2sout...");
-	session:reset_stream();
-	session.conn:starttls(session.ssl_ctx);
-	session.secure = false;
-	return true;
+	if session.type == "s2sout_unauthed" then
+		module:log("debug", "Proceeding with TLS on s2sout...");
+		session:reset_stream();
+		session.conn:starttls(session.ssl_ctx);
+		session.secure = false;
+		return true;
+	end
 end);
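Review bot: When `session.type` is anything other than `"s2sout_unauthed"`, the handler now falls off the end without returning a value or logging, so an unsolicited `<proceed/>` on a client or incoming s2s session leaves no trace and its further handling depends on code outside this hunk. An `else` branch would make the rejection visible to operators, for example `module:log("warn", "Ignoring unexpected <proceed/> on %s session", tostring(session.type));`. The guard also checks only the session type, not whether this side actually sent `<starttls/>` on the stream. That request path is not visible in the hunk, so it is worth confirming that a remote server cannot trigger the TLS switch before it was asked for. A short comment above the `if`, such as `-- <proceed/> is only valid as the reply to our own <starttls/> on an outgoing s2s stream`, would record why the check exists.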