diff --git a/example/login.hs b/example/login.hs
index de25c11..10dbccb 100644
--- a/example/login.hs
+++ b/example/login.hs
@@ -55,7 +55,7 @@ main = do
 
 login :: Conf -> IO (Either LdapError ())
 login conf =
-  Ldap.with (Ldap.Secure (host conf)) (port conf) $ \l -> do
+  Ldap.with (Ldap.Tls (host conf) Ldap.defaultTlsSettings) (port conf) $ \l -> do
     Ldap.bind l (dn conf) (password conf)
     fix $ \loop -> do
       uid <- prompt "Username: "
diff --git a/src/Ldap/Client.hs b/src/Ldap/Client.hs
index 018a72c..1b20b02 100644
--- a/src/Ldap/Client.hs
+++ b/src/Ldap/Client.hs
@@ -10,6 +10,8 @@
 module Ldap.Client
   ( with
   , Host(..)
+  , defaultTlsSettings
+  , insecureTlsSettings
   , PortNumber
   , Ldap
   , LdapError(..)
@@ -161,28 +163,30 @@ with host port f = do
   params = Conn.ConnectionParams
     { Conn.connectionHostname =
         case host of
-          Plain    h -> h
-          Secure   h -> h
-          SecureWithTLSSettings h _ -> h
-          Insecure h -> h
+          Plain h -> h
+          Tls   h _ -> h
     , Conn.connectionPort = port
     , Conn.connectionUseSecure =
         case host of
           Plain  _ -> Nothing
-          Secure _ -> Just Conn.TLSSettingsSimple
-            { Conn.settingDisableCertificateValidation = False
-            , Conn.settingDisableSession = False
-            , Conn.settingUseServerName = False
-            }
-          SecureWithTLSSettings _ settings -> Just settings
-          Insecure _ -> Just Conn.TLSSettingsSimple
-            { Conn.settingDisableCertificateValidation = True
-            , Conn.settingDisableSession = False
-            , Conn.settingUseServerName = False
-            }
+          Tls _ settings -> pure settings
     , Conn.connectionUseSocks = Nothing
     }
 
+defaultTlsSettings :: Conn.TLSSettings
+defaultTlsSettings = Conn.TLSSettingsSimple
+  { Conn.settingDisableCertificateValidation = False
+  , Conn.settingDisableSession = False
+  , Conn.settingUseServerName = False
+  }
+
+insecureTlsSettings :: Conn.TLSSettings
+insecureTlsSettings = Conn.TLSSettingsSimple
+  { Conn.settingDisableCertificateValidation = True
+  , Conn.settingDisableSession = False
+  , Conn.settingUseServerName = False
+  }
+
 input :: FromAsn1 a => TQueue a -> Connection -> IO b
 input inq conn = wrap . flip fix [] $ \loop chunks -> do
   chunk <- Conn.connectionGet conn 8192
diff --git a/src/Ldap/Client/Internal.hs b/src/Ldap/Client/Internal.hs
index 07c10a7..ead4e93 100644
--- a/src/Ldap/Client/Internal.hs
+++ b/src/Ldap/Client/Internal.hs
@@ -43,11 +43,8 @@ import qualified Ldap.Asn1.Type as Type
 
 -- | LDAP host.
 data Host =
-    Plain String    -- ^ Plain LDAP.
-  | Insecure String -- ^ LDAP over TLS without the certificate validity check.
-  | Secure String   -- ^ LDAP over TLS.
-  | SecureWithTLSSettings String TLSSettings
-                    -- ^ LDAP over TLS with the ability to specify detailed TLS settings.
+    Plain String           -- ^ Plain LDAP.
+  | Tls String TLSSettings -- ^ LDAP over TLS.
     deriving (Show)
 
 -- | A token. All functions that interact with the Directory require one.
diff --git a/test/SpecHelper.hs b/test/SpecHelper.hs
index 23d4b4e..bd39f6c 100644
--- a/test/SpecHelper.hs
+++ b/test/SpecHelper.hs
@@ -53,7 +53,7 @@ locally f =
           (\_ -> Ldap.with localhost port f)
 
 localhost :: Host
-localhost = Insecure "localhost"
+localhost = Tls "localhost" insecureTlsSettings
 
 port :: Num a => a
 port = 24620