diff --git a/ChangeLog.md b/ChangeLog.md
index 56ec0ba8..56ce2ddf 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -1,3 +1,7 @@
+## 0.1.15
+
+- Support customizing ClientHooks and ServerHooks config from tls
+
 ## 0.1.14
 
 - Using crypto-token v0.1
diff --git a/Network/QUIC/Config.hs b/Network/QUIC/Config.hs
index 952978db..f8874229 100644
--- a/Network/QUIC/Config.hs
+++ b/Network/QUIC/Config.hs
@@ -3,6 +3,7 @@
 
 module Network.QUIC.Config where
 
+import Data.Default.Class
 import Data.IP
 import Network.Socket
 import Network.TLS hiding (Hooks, HostName, Version)
@@ -57,6 +58,7 @@ data ClientConfig = ClientConfig
     , ccCredentials :: Credentials
     -- ^ TLS credentials.
     , ccHooks :: Hooks
+    , ccTlsHooks :: ClientHooks
     , ccUse0RTT :: Bool
     -- ^ Use 0-RTT on the 2nd connection if possible.
     -- client original
@@ -89,6 +91,7 @@ defaultClientConfig =
         , ccQLog = Nothing
         , ccCredentials = mempty
         , ccHooks = defaultHooks
+        , ccTlsHooks = def
         , ccUse0RTT = False
         , -- client original
           ccServerName = "127.0.0.1"
@@ -117,6 +120,7 @@ data ServerConfig = ServerConfig
     , scCredentials :: Credentials
     -- ^ Server certificate information.
     , scHooks :: Hooks
+    , scTlsHooks :: ServerHooks
     , scUse0RTT :: Bool
     -- ^ Use 0-RTT on the 2nd connection if possible.
     -- server original
@@ -143,6 +147,7 @@ defaultServerConfig =
         , scQLog = Nothing
         , scCredentials = mempty
         , scHooks = defaultHooks
+        , scTlsHooks = def
         , scUse0RTT = False
         , -- server original
           scAddresses = [("0.0.0.0", 4433), ("::", 4433)]
diff --git a/Network/QUIC/TLS.hs b/Network/QUIC/TLS.hs
index bd9fa99a..468a5c47 100644
--- a/Network/QUIC/TLS.hs
+++ b/Network/QUIC/TLS.hs
@@ -6,6 +6,7 @@ module Network.QUIC.TLS (
     serverHandshaker,
 ) where
 
+import Control.Applicative ((<|>))
 import Data.Default.Class
 import Network.TLS hiding (Version)
 import Network.TLS.QUIC
@@ -57,8 +58,8 @@ clientHandshaker callbacks ClientConfig{..} ver myAuthCIDs establish use0RTT = d
             , sharedSessionManager = sessionManager establish
             }
     hook =
-        def
-            { onSuggestALPN = ccALPN ver
+        ccTlsHooks
+            { onSuggestALPN = (<|>) <$> ccALPN ver <*> onSuggestALPN ccTlsHooks
             }
     supported =
         defaultSupported
@@ -101,14 +102,15 @@ serverHandshaker callbacks ServerConfig{..} ver getParams =
             , sharedSessionManager = scSessionManager
             }
     hook =
-        def
+        scTlsHooks
             { onALPNClientSuggest = case scALPN of
-                Nothing -> Nothing
+                Nothing -> onALPNClientSuggest scTlsHooks
                 Just io -> Just $ io ver
             , onEncryptedExtensionsCreating = \exts0 -> do
+                exts0' <- onEncryptedExtensionsCreating scTlsHooks exts0
                 params <- getParams
                 let exts = convExt $ parametersToExtensionRaw ver $ convTP params
-                return $ exts ++ exts0
+                return $ exts ++ exts0'
             }
     supported =
         def