diff --git a/main/src/main/res/values/arrays.xml b/main/src/main/res/values/arrays.xml
index 3d6512c1d..2016cffe4 100644
--- a/main/src/main/res/values/arrays.xml
+++ b/main/src/main/res/values/arrays.xml
@@ -18,9 +18,9 @@
         <item>External Auth Provider</item>
     </string-array>
     <string-array name="tls_directions_entries">
-        <item translatable="false">0</item>
-        <item translatable="false">1</item>
-        <item>Unspecified</item>
+        <item translatable="false">tls-auth - --direction 0</item>
+        <item translatable="false">tls-auth - --direction 1</item>
+        <item>tls-auth --direction not specified</item>
         <item>Encryption (--tls-crypt)</item>
         <item>TLS Crypt V2</item>
     </string-array>
diff --git a/main/src/main/res/values/strings.xml b/main/src/main/res/values/strings.xml
index 371458704..e9ae302b4 100755
--- a/main/src/main/res/values/strings.xml
+++ b/main/src/main/res/values/strings.xml
@@ -26,8 +26,8 @@
     <string name="pkcs12pwquery">PKCS12 Password</string>
     <string name="file_select">Select…</string>
     <string name="file_nothing_selected">You must select a file</string>
-    <string name="useTLSAuth">Use TLS Authentication</string>
-    <string name="tls_direction">TLS Direction</string>
+    <string name="useTLSAuth">Use Control Channel Authentication/Encryption</string>
+    <string name="tls_direction">Authentication/encryption method</string>
     <string name="ipv6_dialog_tile">Enter IPv6 Address/Netmask in CIDR Format (e.g. 2000:dd::23/64)</string>
     <string name="ipv4_dialog_title">Enter IPv4 Address/Netmask in CIDR Format (e.g. 1.2.3.4/24)</string>
     <string name="ipv4_address">IPv4 Address</string>
@@ -68,8 +68,8 @@
     <string name="remote_tlscn_check_title">Certificate Hostname Check</string>
     <string name="enter_tlscn_dialog">Specify the check used to verify the remote certificate DN (e.g. C=DE, L=Paderborn, OU=Avian IP Carriers, CN=openvpn.blinkt.de)\n\nSpecify the complete DN or the RDN (openvpn.blinkt.de in the example) or an RDN prefix for verification.\n\nWhen using RDN prefix \"Server\" matches \"Server-1\" and \"Server-2\"\n\nLeaving the text field empty will check the RDN against the server hostname.\n\nFor more details see the OpenVPN 2.3.1+ manpage under —verify-x509-name</string>
     <string name="enter_tlscn_title">Remote certificate subject</string>
-    <string name="tls_key_auth">Enables the TLS Key Authentication</string>
-    <string name="tls_auth_file">TLS Auth File</string>
+    <string name="tls_key_auth">Enables an additional authentication/encryption layer for the OpenVPN control channel</string>
+    <string name="tls_auth_file">TLS Auth/TLS Encryption File</string>
     <string name="pull_on_summary">Requests IP addresses, routes and timing options from the server.</string>
     <string name="pull_off_summary">No information is requested from the server. Settings need to be specified below.</string>
     <string name="use_pull">Pull Settings</string>