diff --git a/src/shrpx_config.cc b/src/shrpx_config.cc
index 21f8f1a4..4bd4efdf 100644
--- a/src/shrpx_config.cc
+++ b/src/shrpx_config.cc
@@ -1265,7 +1265,7 @@ int parse_psk_secrets(Config *config, const StringRef &path) {
 
 namespace {
 // Reads PSK secrets from path, and parses each line.  The result is
-// directly stored into config->tls.client_psk.  This function returns
+// directly stored into config->tls.client.psk.  This function returns
 // 0 if it succeeds, or -1.
 int parse_client_psk_secrets(Config *config, const StringRef &path) {
   auto &tlsconf = config->tls;
@@ -1310,10 +1310,10 @@ int parse_client_psk_secrets(Config *config, const StringRef &path) {
       return -1;
     }
 
-    tlsconf.client_psk.identity =
+    tlsconf.client.psk.identity =
         make_string_ref(config->balloc, StringRef{std::begin(line), sep_it});
 
-    tlsconf.client_psk.secret =
+    tlsconf.client.psk.secret =
         util::decode_hex(config->balloc, StringRef{sep_it + 1, std::end(line)});
 
     return 0;
diff --git a/src/shrpx_config.h b/src/shrpx_config.h
index c033b639..118ecc1a 100644
--- a/src/shrpx_config.h
+++ b/src/shrpx_config.h
@@ -546,19 +546,18 @@ struct TLSConfig {
     bool enabled;
   } client_verify;
 
-  // Client private key and certificate used in backend connections.
+  // Client (backend connection) TLS configuration.
   struct {
+    // Client PSK configuration
+    struct {
+      // identity must be NULL terminated string.
+      StringRef identity;
+      StringRef secret;
+    } psk;
     StringRef private_key_file;
     StringRef cert_file;
   } client;
 
-  // Client PSK configuration
-  struct {
-    // identity must be NULL terminated string.
-    StringRef identity;
-    StringRef secret;
-  } client_psk;
-
   // PSK secrets.  The key is identity, and the associated value is
   // its secret.
   std::map<StringRef, StringRef> psk_secrets;
diff --git a/src/shrpx_ssl.cc b/src/shrpx_ssl.cc
index 9912ac5c..dee8662a 100644
--- a/src/shrpx_ssl.cc
+++ b/src/shrpx_ssl.cc
@@ -556,8 +556,8 @@ unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity_out,
   auto config = get_config();
   auto &tlsconf = config->tls;
 
-  auto &identity = tlsconf.client_psk.identity;
-  auto &secret = tlsconf.client_psk.secret;
+  auto &identity = tlsconf.client.psk.identity;
+  auto &secret = tlsconf.client.psk.secret;
 
   if (identity.empty()) {
     return 0;