diff --git a/README.md b/README.md
index dcacc34..f3d2757 100644
--- a/README.md
+++ b/README.md
@@ -137,6 +137,17 @@ script/coverage --html
 
 That will open a new browser tab showing coverage information.
 
+# Contributions
+
+contributions are expected to include tests and tests must pass.  If existing tests start to fail due to
+expired certs simply run
+
+```
+openssl req -x509 -sha256 -nodes -newkey rsa:4096 -keyout test/privkey.pem -days 730 -out test/cert.pem -config test/san.cnf 
+```
+
+to generate new ones
+
 # License
 
 This project uses the New BSD License, the same as the Go project itself.
@@ -145,3 +156,5 @@ This project uses the New BSD License, the same as the Go project itself.
 
 Please note that this project is released with a Contributor Code of Conduct.
 By participating in this project you agree to abide by its terms.
+
+
diff --git a/dialer.go b/dialer.go
index fc7e538..076aacb 100644
--- a/dialer.go
+++ b/dialer.go
@@ -35,9 +35,9 @@ func (df dialerFunctionWrapper) Call() (serverConn, string, error) {
 // function and adding it to the map.
 func (w *Writer) getDialer() dialerFunctionWrapper {
 	dialers := map[string]dialerFunctionWrapper{
-		"":        dialerFunctionWrapper{"unixDialer", w.unixDialer},
-		"tcp+tls": dialerFunctionWrapper{"tlsDialer", w.tlsDialer},
-		"custom":  dialerFunctionWrapper{"customDialer", w.customDialer},
+		"":        {"unixDialer", w.unixDialer},
+		"tcp+tls": {"tlsDialer", w.tlsDialer},
+		"custom":  {"customDialer", w.customDialer},
 	}
 	dialer, ok := dialers[w.network]
 	if !ok {
@@ -60,7 +60,13 @@ func (w *Writer) unixDialer() (serverConn, string, error) {
 // tlsDialer connects to TLS over TCP, and is used for the "tcp+tls" network
 // type.
 func (w *Writer) tlsDialer() (serverConn, string, error) {
-	c, err := tls.Dial("tcp", w.raddr, w.tlsConfig)
+	var c net.Conn
+	var err error
+	if w.dial != nil {
+		c, err = tls.DialWithDialer(w.dial, "tcp", w.raddr, w.tlsConfig)
+	} else {
+		c, err = tls.Dial("tcp", w.raddr, w.tlsConfig)
+	}
 	var sc serverConn
 	hostname := w.hostname
 	if err == nil {
@@ -75,7 +81,13 @@ func (w *Writer) tlsDialer() (serverConn, string, error) {
 // basicDialer is the most common dialer for syslog, and supports both TCP and
 // UDP connections.
 func (w *Writer) basicDialer() (serverConn, string, error) {
-	c, err := net.Dial(w.network, w.raddr)
+	var c net.Conn
+	var err error
+	if w.dial != nil && w.dial.Timeout != 0 {
+		c, err = net.DialTimeout(w.network, w.raddr, w.dial.Timeout)
+	} else {
+		c, err = net.Dial(w.network, w.raddr)
+	}
 	var sc serverConn
 	hostname := w.hostname
 	if err == nil {
diff --git a/formatter.go b/formatter.go
index e306fd6..d759a1d 100644
--- a/formatter.go
+++ b/formatter.go
@@ -41,8 +41,8 @@ func RFC3164Formatter(p Priority, hostname, tag, content string) string {
 
 // if string's length is greater than max, then use the last part
 func truncateStartStr(s string, max int) string {
-	if (len(s) > max) {
-		return s[len(s) - max:]
+	if len(s) > max {
+		return s[len(s)-max:]
 	}
 	return s
 }
diff --git a/formatter_test.go b/formatter_test.go
index 1bd81f1..0e39eca 100644
--- a/formatter_test.go
+++ b/formatter_test.go
@@ -3,9 +3,9 @@ package srslog
 import (
 	"fmt"
 	"os"
+	"strings"
 	"testing"
 	"time"
-	"strings"
 )
 
 func TestDefaultFormatter(t *testing.T) {
@@ -39,7 +39,7 @@ func TestRFC5424Formatter(t *testing.T) {
 	out := RFC5424Formatter(LOG_ERR, "hostname", "tag", "content")
 	expected := fmt.Sprintf("<%d>%d %s %s %s %d %s - %s",
 		LOG_ERR, 1, time.Now().Format(time.RFC3339), "hostname", truncateStartStr(os.Args[0], appNameMaxLength),
-			os.Getpid(), "tag", "content")
+		os.Getpid(), "tag", "content")
 	if out != expected {
 		t.Errorf("expected %v got %v", expected, out)
 	}
@@ -47,11 +47,11 @@ func TestRFC5424Formatter(t *testing.T) {
 
 func TestTruncateStartStr(t *testing.T) {
 	out := truncateStartStr("abcde", 3)
-	if strings.Compare(out, "cde" ) != 0 {
+	if strings.Compare(out, "cde") != 0 {
 		t.Errorf("expected \"cde\" got %v", out)
 	}
 	out = truncateStartStr("abcde", 5)
-	if strings.Compare(out, "abcde" ) != 0 {
+	if strings.Compare(out, "abcde") != 0 {
 		t.Errorf("expected \"abcde\" got %v", out)
 	}
-}
\ No newline at end of file
+}
diff --git a/go.mod b/go.mod
new file mode 100644
index 0000000..cd4a5b2
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,3 @@
+module github.com/netography/srslog
+
+go 1.19
diff --git a/srslog.go b/srslog.go
index b47ad72..05fad07 100644
--- a/srslog.go
+++ b/srslog.go
@@ -8,6 +8,7 @@ import (
 	"log"
 	"net"
 	"os"
+	"time"
 )
 
 // This interface allows us to work with both local and network connections,
@@ -50,7 +51,7 @@ func DialWithCustomDialer(network, raddr string, priority Priority, tag string,
 	if customDial == nil {
 		return nil, ErrNilDialFunc
 	}
-	return dialAllParameters(network, raddr, priority, tag, nil, customDial)
+	return dialAllParameters(network, raddr, priority, tag, nil, customDial, &net.Dialer{})
 }
 
 // DialWithTLSCertPath establishes a secure connection to a log daemon by connecting to
@@ -68,24 +69,38 @@ func DialWithTLSCertPath(network, raddr string, priority Priority, tag, certPath
 // DialWIthTLSCert establishes a secure connection to a log daemon by connecting to
 // address raddr on the specified network. It uses serverCert to load a TLS certificate
 // and configure the secure connection.
-func DialWithTLSCert(network, raddr string, priority Priority, tag string, serverCert []byte) (*Writer, error) {
+func DialWithTLSCert(network, raddr string, priority Priority, tag string, serverCert []byte, opts ...DialOption) (*Writer, error) {
 	pool := x509.NewCertPool()
 	pool.AppendCertsFromPEM(serverCert)
 	config := tls.Config{
 		RootCAs: pool,
 	}
 
-	return DialWithTLSConfig(network, raddr, priority, tag, &config)
+	return DialWithTLSConfig(network, raddr, priority, tag, &config, opts...)
+}
+
+type DialOption func(dial *net.Dialer)
+
+func WithTimeout(d time.Duration) DialOption {
+	return func(dial *net.Dialer) {
+		if dial != nil {
+			dial.Timeout = d
+		}
+	}
 }
 
 // DialWithTLSConfig establishes a secure connection to a log daemon by connecting to
 // address raddr on the specified network. It uses tlsConfig to configure the secure connection.
-func DialWithTLSConfig(network, raddr string, priority Priority, tag string, tlsConfig *tls.Config) (*Writer, error) {
-	return dialAllParameters(network, raddr, priority, tag, tlsConfig, nil)
+func DialWithTLSConfig(network, raddr string, priority Priority, tag string, tlsConfig *tls.Config, opts ...DialOption) (*Writer, error) {
+	dial := &net.Dialer{}
+	for _, o := range opts {
+		o(dial)
+	}
+	return dialAllParameters(network, raddr, priority, tag, tlsConfig, nil, dial)
 }
 
 // implementation of the various functions above
-func dialAllParameters(network, raddr string, priority Priority, tag string, tlsConfig *tls.Config, customDial DialFunc) (*Writer, error) {
+func dialAllParameters(network, raddr string, priority Priority, tag string, tlsConfig *tls.Config, customDial DialFunc, dial *net.Dialer) (*Writer, error) {
 	if err := validatePriority(priority); err != nil {
 		return nil, err
 	}
@@ -103,6 +118,7 @@ func dialAllParameters(network, raddr string, priority Priority, tag string, tls
 		raddr:      raddr,
 		tlsConfig:  tlsConfig,
 		customDial: customDial,
+		dial:       dial,
 	}
 
 	_, err := w.connect()
diff --git a/srslog_test.go b/srslog_test.go
index 5532bb5..09d7e6e 100644
--- a/srslog_test.go
+++ b/srslog_test.go
@@ -263,10 +263,16 @@ func TestDial(t *testing.T) {
 		t.Skip("skipping syslog test during -short")
 	}
 	f, err := Dial("", "", (LOG_LOCAL7|LOG_DEBUG)+1, "syslog_test")
+	if err == nil {
+		t.Fatalf("Should have trapped bad priority")
+	}
 	if f != nil {
 		t.Fatalf("Should have trapped bad priority")
 	}
 	f, err = Dial("", "", -1, "syslog_test")
+	if err == nil {
+		t.Fatalf("Should have trapped bad priority")
+	}
 	if f != nil {
 		t.Fatalf("Should have trapped bad priority")
 	}
@@ -426,7 +432,7 @@ func TestTLSCertWrite(t *testing.T) {
 				t.Fatalf("cold not read cert: %v", err)
 			}
 
-			l, err := DialWithTLSCert("tcp+tls", addr, test.pri, test.pre, cert)
+			l, err := DialWithTLSCert("tcp+tls", addr, test.pri, test.pre, cert, WithTimeout(10*time.Second))
 			if err != nil {
 				t.Fatalf("syslog.Dial() failed: %v", err)
 			}
@@ -541,7 +547,10 @@ func TestLocalConn(t *testing.T) {
 
 	lc := localConn{conn: conn}
 
-	lc.writeString(nil, nil, LOG_ERR, "hostname", "tag", "content")
+	err := lc.writeString(nil, nil, LOG_ERR, "hostname", "tag", "content")
+	if err != nil {
+		t.Fatalf("%v", err)
+	}
 
 	if len(messages) != 1 {
 		t.Errorf("should write one message")
diff --git a/test/cert.pem b/test/cert.pem
index 57e4137..cd53658 100644
--- a/test/cert.pem
+++ b/test/cert.pem
@@ -1,18 +1,32 @@
 -----BEGIN CERTIFICATE-----
-MIIC4DCCAcigAwIBAgIQK5t5Skr1T6GQQn6u9VSXZTANBgkqhkiG9w0BAQsFADAU
-MRIwEAYDVQQDDAkxMjcuMC4wLjEwHhcNMTUxMjA3MTAxMTI0WhcNMTgxMjMxMDAw
-MDAwWjAUMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQDr9UU6xYOCGQgmXOA3HH6ZW/xKATDzxn58nQWXy/1kqI84NFPb
-9elpWUxU0D86xcU7YZDV1I79N00SaDTYyHAMLHi6WUt55nokLTRA15mxskRbYE8H
-5ANKB1+fBDP1LLtGgIhfU2mkfxJpxtSkcSgmXIi0hstIGzGT98QIsSdUeCpZWF9s
-KmajGV7wJtzpNcUO8BOh5sd5s37K2A5C7w9HZvINPV+/1FDP5GalOhg94eprfV0y
-78z/+Sxqr7wc2rTw27cjf5waTgQYgEbzBowMQJP1ojI646vYBrg3TEX7tjnC7f8E
-+Y7xe614c0Bj8XhJZbNV0MIG8Ka49HlUTcejAgMBAAGjLjAsMA8GA1UdEQQIMAaH
-BH8AAAEwCwYDVR0PBAQDAgGuMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
-ggEBAOdc2KSjnQfd8ZS2nAO9opo9D82q+03LrC6ZGun5/NvAazUS+uJ5wyTpx9A5
-45s3Cib7eCrlHsB7UbslUm33+VVeSmj+VCBYkW5iY6kLth007pVonmxCi/hF37dm
-y8XoSifJA7CdPRptI8LAHn/H34Awl43vaGHQDLaaCgFBDTtKWxjvdKS2aSvXWvjC
-81k+i5mb1OiJSoioLSgtX94txde/gDI87yrKWNLBQ7MqPzSg8DtRXftUeaLgcKlQ
-KjYg0wx90HUwpi5Hv2E1Q09LmecyHuquYpve364xlK1lQjEdkaGn2nNCPUHOiHT7
-1BAIPcvnMumWv7uBYAW5nYCaeRw=
+MIIFhjCCA26gAwIBAgIJAKGzkuoFshxFMA0GCSqGSIb3DQEBCwUAMHgxCzAJBgNV
+BAYTAlVTMQwwCgYDVQQIDANOL0ExDDAKBgNVBAcMA04vQTEgMB4GA1UECgwXU2Vs
+Zi1zaWduZWQgY2VydGlmaWNhdGUxKzApBgNVBAMMIjEyMC4wLjAuMTogU2VsZi1z
+aWduZWQgY2VydGlmaWNhdGUwHhcNMjIwOTI4MjEwMDMzWhcNMjQwOTI3MjEwMDMz
+WjB4MQswCQYDVQQGEwJVUzEMMAoGA1UECAwDTi9BMQwwCgYDVQQHDANOL0ExIDAe
+BgNVBAoMF1NlbGYtc2lnbmVkIGNlcnRpZmljYXRlMSswKQYDVQQDDCIxMjAuMC4w
+LjE6IFNlbGYtc2lnbmVkIGNlcnRpZmljYXRlMIICIjANBgkqhkiG9w0BAQEFAAOC
+Ag8AMIICCgKCAgEAnLrJD6tTWxabl1BLvpAXtSnuoSpMZ43MAqhCnLGQuuh9R5CM
+1HEP0YMy2Q+cXCGmAbw0MZEucsuAAkDmfNKujAnV4Up3kdpIYlfYVO8ax1MOAGBI
+K+55AAXGynUB1UTV89kZbYKw4G0wCxeZKceshcRISUYUZljK3CJyVk53er7c98yT
+KZmp6VuUU18whn8tNUsUgaBC/uBwuUhRYS2nCb+N8E16Dz5ZcetobRJZElEpsnOb
+6gRg4YqzUbC+9sM6QGNFCQ9evd9Q8BZEhZbUgwXL+zULP6EMRSR3jDtOeBpLpxC1
+fIG5kI6fhIU8QRERayBt3VjPY0vLCihl5IrLaHQFCzcWaouSQfd0h+4ZS3U2jWn5
+BR1cDuzy389Nz0kUDnT5HOo4y4pJenwiISLMUVesP2uj9Mv6tu2OpqwKcf12g6Bs
+aafGkL9A7UfSywM15/T1X5ZKZZzcAmkapOM1uRLuTUrWigs7sJahjEZurk6YRFph
+jHQFB/eDnF+HlgOMLcNNJffMwCLkAKu/tcZF1B9CgsURy8o74z1PRtls/L0Ukqsu
+z5XokK1DoA+7C0AnKTzR5FThtfkVCrjM2GEU4iBfd1/eoi0GW+cP3X1v9MBXKSZZ
+PxdXz16u/61XgBXyhFad6eoze6hk6IcX0NmJQymI1zEwHFVB/cbCkBe1tUcCAwEA
+AaMTMBEwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOCAgEAJc/RFlMt
+2Of49JFwUo/hSLOiv5cw/vffcoSLj2+Ttn7iSZnWg80kLcbhwenAYw5AIA8HE5ql
+04gZx4rAuEkDQqibI1V9NAeIMqQC521iRmaOOVQpyPQHQoyXoqHvcI6h2dzVclTw
+mQZ38YbLkRo1RhoBSguzZJqPLp25lbj9Q69kXg+/t8sCZ0JQJ729YVrgta4q/6Au
+73Rbg8QvrAPrrJYlMjDl98JlasHC0UnggxBAbXseLmADM/eJCq2YeyQwd+wh103c
+dVpV3ajAAFxSvPlH1GDwZX7L0QXkyHsTLiFNZ8zjYc3SFJOJfVGTJBb3foHqsJim
+F28ptNqnuKCosEvrpN8mjtuM3/NLXMG5rf1BJ1ewcvy1hoxJJX/FpGZVr2AMivZ2
+JF1bJgJ3WQdd/e8f285snDrp5ruHrBL+MYoeKmb1gCXxJIWA426OxrCcDKxgSRPU
+21WmenchHg2RvYXmxx/c0rMt/tuB90Fmb00A9xKNE49X2f8wRZ+cD5+EcghfleJ8
+ifTEo/kj9BqBbjsRPYnHenNhr1J2byNeEwcVrp1nUaLaduiR/JHCc7ievBw3LY2K
+oSpzMjcTv4L+/y9v8A02/+8Y1pCmjuKRjNb1CUvi8A2O5rhyJoKyUl0IjoQ9zrF5
+TMTpNa2c4bRZLT0b4mo/WbHRBQ+Jtl5V6A4=
 -----END CERTIFICATE-----
diff --git a/test/privkey.pem b/test/privkey.pem
index 658846e..fabaa0d 100644
--- a/test/privkey.pem
+++ b/test/privkey.pem
@@ -1,28 +1,52 @@
 -----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDr9UU6xYOCGQgm
-XOA3HH6ZW/xKATDzxn58nQWXy/1kqI84NFPb9elpWUxU0D86xcU7YZDV1I79N00S
-aDTYyHAMLHi6WUt55nokLTRA15mxskRbYE8H5ANKB1+fBDP1LLtGgIhfU2mkfxJp
-xtSkcSgmXIi0hstIGzGT98QIsSdUeCpZWF9sKmajGV7wJtzpNcUO8BOh5sd5s37K
-2A5C7w9HZvINPV+/1FDP5GalOhg94eprfV0y78z/+Sxqr7wc2rTw27cjf5waTgQY
-gEbzBowMQJP1ojI646vYBrg3TEX7tjnC7f8E+Y7xe614c0Bj8XhJZbNV0MIG8Ka4
-9HlUTcejAgMBAAECggEBAMHtYIuwH6iCOD+HX8QLyET05AJSvk/smLKEPz+GKWlc
-W/FemHmUv9SUzvZ5/S2ps7NdObN0slyM4ew59w0gl2558nN9xlmWwlYPTP3p9Oil
-0iajnfCnRsjGDKHdy3I65GRKaUqnfJD020ZSYxwP4Ga+8KAmlNZbe0DYhqZ6Kw/w
-6wwYNvxptjd85Q+jJGj9nyUxL+68LROYNcZga4PQIqNvF1yOvCMIyGKSptfmLRDg
-nXAs5vJHPNXdZ5+PC1MmiP2wxC3hZncFVTACoW35++CC6CLmg2OfTOyFZ9FMEQ57
-oI99Ed7bjanEioMj8fSk49qIIdFix09ArLa+Rid8fTECgYEA+1w65b5Oq4YU0zXE
-C23bgy3D/gZ+vhxCuRU8NLrIKsyFIZuCcA7YU+U/D/ngI52xLEcvSp/NAH/xKHh8
-Lop0cKA7oysMxMM4BtEC5N+SquRJKsgg+V36DDNGja4D/4HZ9IlLzTGHL51FI4hd
-o489YqgpG0YdCpg5GfoWgQTufIkCgYEA8FBCZQjlFg/cifUewNPQ9mzOz2TyxFTp
-olwsqJTnxLgXBJ4N6rdc61bLrWowv7yBHG7/kyMY6s7oWZZCk8EcU682P4DI3X0B
-MxuaccMYWc7ttRJEpXWArxiDVCc2sDHVUR23pt0tsSRhQXHlO8HE3679yfG6YGxA
-F9WRBct9D8sCgYA6DXMM3IcO1ki4/xHoEddA1LEPWjCrd5txY5YkF39jYxjcSi41
-8zfDKI8IAY3iq+jfcRFbCs0t8F6iGjGUDiYWXOtpI+gvCWdHK76fXYNiNJcxakcz
-UKEPcEg7MJV7zWGpOIxpN6chOBFfw37c55gl0PCte+P5Lm8BsODBq4HpAQKBgB2Q
-0kpZ6M1pECoM9UamCLx4sI0Fj3SmOcRW8Mug3k7uky5nP7ET9COkHxTrzqmYSI41
-/c2dcNBaum1jNje1d4W4NcVkU9IkMgSWrc63QQSzl71CTR3KMhXYvzeYR3sv9l2v
-eUvXRGrZ3flOSPSsJ0uZ3PF+gv6f8ta72MbMvUs3AoGBAPTkm1N56EI4KZIO+uq8
-lh094Lytty1MjfhgVf1sRzE+kPxzyo1g2LpnWQ43UZMD5bQ7fR3rr9ofCzPa9OlX
-IRXUv4mNFzzDmEZwrrt1TA/EjkosdtqcCg0syvBUEBCkYTdvSxaDCw80sS0DVlEH
-gqIra7+MAgb8y+m47tZyO7KZ
+MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQCcuskPq1NbFpuX
+UEu+kBe1Ke6hKkxnjcwCqEKcsZC66H1HkIzUcQ/RgzLZD5xcIaYBvDQxkS5yy4AC
+QOZ80q6MCdXhSneR2khiV9hU7xrHUw4AYEgr7nkABcbKdQHVRNXz2RltgrDgbTAL
+F5kpx6yFxEhJRhRmWMrcInJWTnd6vtz3zJMpmanpW5RTXzCGfy01SxSBoEL+4HC5
+SFFhLacJv43wTXoPPllx62htElkSUSmyc5vqBGDhirNRsL72wzpAY0UJD16931Dw
+FkSFltSDBcv7NQs/oQxFJHeMO054GkunELV8gbmQjp+EhTxBERFrIG3dWM9jS8sK
+KGXkistodAULNxZqi5JB93SH7hlLdTaNafkFHVwO7PLfz03PSRQOdPkc6jjLikl6
+fCIhIsxRV6w/a6P0y/q27Y6mrApx/XaDoGxpp8aQv0DtR9LLAzXn9PVflkplnNwC
+aRqk4zW5Eu5NStaKCzuwlqGMRm6uTphEWmGMdAUH94OcX4eWA4wtw00l98zAIuQA
+q7+1xkXUH0KCxRHLyjvjPU9G2Wz8vRSSqy7PleiQrUOgD7sLQCcpPNHkVOG1+RUK
+uMzYYRTiIF93X96iLQZb5w/dfW/0wFcpJlk/F1fPXq7/rVeAFfKEVp3p6jN7qGTo
+hxfQ2YlDKYjXMTAcVUH9xsKQF7W1RwIDAQABAoICAEZ9D153vGaUNWgJWfeb0L3O
+3R8o6fIM6Pss98CHb8NQOsAL9/q32thsvFq5VaZuD75qCcNdO1mvwqPA0qjDDHO5
+HLNVjY9QcAui3I3ed9m7telfZDY167+h2XVGyItFiUBBnNkO1UQqd1gVxfHvdt02
+mRgzZ4tcVehJqci9Q6k13CWqoWktTijA4mXYwvdKjWeRm+hszpTZFnmOV+Nv59dP
+iqPQBJyEey/sIywi+2JslGdI7Y+DZpspiVqtNkW/Khy5SNw5SG/21u0T5r96RZuj
+6MjTY3q7kMwsCYRNTA5iLTI3JpiXs4CbVI0Ca0YMShw3GpJZlfRfqzKnVqRB9BcT
+IX6uo/bzmcvWclgm48oTvBM5uu7ePK5Rwczp2HGV+vUr9+o0iB7MvDlF2pvwsn/h
+5V/5moGr37c/OpC7Td10cfBSNNy1MzQDRcIgCpl475tuwin6FXNv78DCV+z2jZFY
+HUBrLtdNDHh9veKoCUFJ9u6bBBo195E0+Q0F1952wDMzUEEU3RSfe4u/MfLXs/84
+Milssk8N624oonpcACOKNtYgFwwZIyVT7JO1ONERTGOSsP/hymNADFu9w4y9YsQt
+H4BqZDEDxQlqkfZ51YjOQbmgzoBXlsrOPITX9OI7hP60aNeLCkI4DbsxSeqZcdAJ
+ELUMDbJJj+Bbs3/6jxXxAoIBAQDI8/7uhXsvFFAQKRv97j3WyhGDwfzCLjDE3UNS
+fjztQzjVEAM8R3HAOJXCx6kJM9LUWfEcW6gyWATgCVAuwq4pMmGRX4GjwaJeImvq
++xoY40KT3jCRFvYOX0IcESoUNfBdiVbd6s5LQ8HJOaKGVW8RDp7Naskegj2iijVM
+sBQ1YMV7HF+/4VJsUxsoKQUFJUKfK+PN5vfV9R9Ybs2tY/MeHF7o+BZZ8wR1C3Ut
+jFuu5HKo966mqCteP5Db6CI1XN/KcVgJW1d1HeGh4kDf01tHS4EBIyGCrCCOKzix
+49YRj/DM7mMFOcXkr6dVoCuRMNLxeAIw3+DUk0BlNMrNywzZAoIBAQDHqZTQzG7b
+YwRA5A+g45cy1CBXGv/5LYhtuOpoHE+/SLmztCK8AGHVS8D7tdcvLMYTngaT6OE8
+zatiChWwdTD5l55RiPWmsAETIrbZQOjKxLLSKxe90jmeCoQGH8N7tgDIpzxWrOq6
+0fBCeN9AITncvOBgdnzKjC+2B8/GsJgYXwiKB7BztUEDeR03G7kn+LiDXjwaBhmQ
+qzyD6sG+EOkVKjWXhh1QShYvdyXkJj28jZCAGNNvGPQnX+Mgwg2Cz5ODCS5j+oDN
+YLc1u3x24ASklJlvvTJ32f+PzmahvBkdx2txXuSMoUhPLWw2I5227Gf116WZSlCU
+Z9DrBIclC/8fAoIBAQC9TFvSBRvNda0WDCO6STsnoqJtI8geg7SdPnG0vAZY2wIm
+czcZCZQ2JxesrLinWpI4R6HBvPXsts2g3iUSZ4H4fOU8NGPDBx0U4AgZCwHCgBKv
+iJbnlmGjmEiGeATTlRwggMe7tP0wGVvrWsenE8PUpZkimH1sp/O3scoTu6rNvaNK
+Hah08KTcNk1Wv41jE352wrmNtQ2yF363p2lI9OaIbuFZRJqJkUuZlnmDtryHO9xn
+Hyr/A1wXJHopLbtL2XlXEv6DkfAI+2UZQjEqp8dMmeukTpu6pLrmMgDuUlnNoXKN
+GeNdgNbSXkWbe46O7xdHMG2f7MW2eiAnNlv1EFnBAoIBAQCZg1yFUbmmerIphnAx
+vutgzFJ1RrArEQRFgJjSJXp3U15cuhK+w/h0vAMMRZrGjcFaEfVywep0CppMDf7x
+JpnaPeYfQJPHbqnU4ar+zXZveN8Y0sM1Uq60QdeSsddmheCCZnrxFZCAxavaH/9e
+2m0XuC04XcHDJhgE+GqblOnMSz1Qi2ry/BiZqAR7e5hYEFclwk2poKkFX3Nu5g/C
+qFPdzw9Ximl9cwktw4lhqrlrANlqdCwUznXi1EnYxPsIabs8U9HUUyW3QzZ6XMXs
+zH8lX4+9pxVnqzhghEzK68nP6KVGjLRjIBptrjn2Qlof7BJepkiP3OCpykyKdnfG
+Vzv3AoIBAQC5/8VndsQ6JfGWmGbvPkxTA0kFazAEbAbtQkQix8V31endilgFuSP/
++8gEbEa4Aqk9Hn6m/HGe6M7syIAbbZwJej7g9ho4j+17+SbjSwx0XJIqfubJr7ni
+4q6oCMkgs/JmK6/9TA3F2TAMJzAO2tT3RH0LC3ZI4xruo3XALuFfFuNDPqODk2EC
+4lGHXT2J6tPWlbduLtv+gyW1vxYJnRxUWpKU/k1YlUJfWrHNUNEWxFDB0sMFAh2w
+Fm5ceVYOvBDHaKq0w5wFZElTrSRhXcmfUTFGhVZiSBy67mFlV68cD1aWbHa05ofV
+3WUfpJ+OdBn+3VO04PotF1cVOwBjxO/m
 -----END PRIVATE KEY-----
diff --git a/test/san.cnf b/test/san.cnf
new file mode 100644
index 0000000..dc7216f
--- /dev/null
+++ b/test/san.cnf
@@ -0,0 +1,18 @@
+[req]
+default_bits  = 2048
+distinguished_name = req_distinguished_name
+req_extensions = req_ext
+x509_extensions = v3_req
+prompt = no
+[req_distinguished_name]
+countryName = US
+stateOrProvinceName = N/A
+localityName = N/A
+organizationName = Self-signed certificate
+commonName = 120.0.0.1: Self-signed certificate
+[req_ext]
+subjectAltName = @alt_names
+[v3_req]
+subjectAltName = @alt_names
+[alt_names]
+IP.1 = 127.0.0.1
diff --git a/writer.go b/writer.go
index 86bccba..1d2edee 100644
--- a/writer.go
+++ b/writer.go
@@ -2,6 +2,7 @@ package srslog
 
 import (
 	"crypto/tls"
+	"net"
 	"strings"
 	"sync"
 )
@@ -19,6 +20,7 @@ type Writer struct {
 
 	//non-nil if custom dialer set, used in getDialer
 	customDial DialFunc
+	dial       *net.Dialer
 
 	mu   sync.RWMutex // guards conn
 	conn serverConn