diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1540d0dd..7d83cb6a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,6 +18,7 @@ TODO?: always generate self-signed certificates. Could be used for outgoing s2s?
 TODO: check in the diagnostic tool that Prosody is >=0.12
 TODO?: allow directs2s on one side and websocket on the other? (currently disallowed by compatibleRemoteAuthenticatedConnectionEnabled)
 TODO: alpha.4 version force Websocket S2S when available, even if s2s is possible. Revert this before releasing.
+TODO: for directS2S, needs a SRV records for the main host if port is not standard.. Must document.
 
 ### Minor changes and fixes
 
diff --git a/prosody-modules/mod_websocket_s2s_peertubelivechat/mod_websocket_s2s_peertubelivechat.lua b/prosody-modules/mod_websocket_s2s_peertubelivechat/mod_websocket_s2s_peertubelivechat.lua
index e6f47b82..122e820b 100644
--- a/prosody-modules/mod_websocket_s2s_peertubelivechat/mod_websocket_s2s_peertubelivechat.lua
+++ b/prosody-modules/mod_websocket_s2s_peertubelivechat/mod_websocket_s2s_peertubelivechat.lua
@@ -366,7 +366,7 @@ end
 local function keepalive(event)
 	local session = event.session;
 	if session.open_stream == session_open_stream then
-		local log = session.log or log
+		local log = session.log or log;
 		log("debug", "Sending a keepalive on outgoing websocket s2s");
 		return session.conn:write(build_frame({ opcode = 0x9, FIN = true }));
 	end
@@ -573,7 +573,7 @@ function route_to_new_session(event)
 	ex["headers"] = ws_properties.extra_headers or {};
 	ex["protocol"] = "xmpp";
 
-	if ws_url:find('^wss') ~= nil then
+	if ws_url:find('^wss:') ~= nil then
 		log("debug", "Outgoing WS S2S Session is considered secure, we are using wss");
 		session.secure = true;
 	else