diff --git a/src/analyzer/protocol/ssl/proc-certificate.pac b/src/analyzer/protocol/ssl/proc-certificate.pac
index 853347eaf6..9107436796 100644
--- a/src/analyzer/protocol/ssl/proc-certificate.pac
+++ b/src/analyzer/protocol/ssl/proc-certificate.pac
@@ -1,20 +1,12 @@
-function proc_certificate(is_orig: bool, certificates : bytestring[]) : bool
+function proc_certificate(is_orig: bool, is_flipped: bool, certificates : bytestring[]) : bool
 %{
 if ( certificates->size() == 0 ) return true;
- // this has to execute in both contexts, ssl and tls-handshake. In one we have flipped_,
- // in the other we have ssl_analyzer()->GetFlipped(). And in both cases the other case
- // does not work (and cannot be made to work easily).
-
-#ifndef USE_FLIPPED
- bool flipped_ = zeek_analyzer()->GetFlipped();
-#endif
-
 zeek::ODesc common;
 common.AddRaw("Analyzer::ANALYZER_SSL");
 common.Add(zeek_analyzer()->Conn()->StartTime());
- common.AddRaw(is_orig ^ flipped_ ? "T" : "F", 1);
+ common.AddRaw(is_orig ^ is_flipped ? "T" : "F", 1);
 zeek_analyzer()->Conn()->IDString(&common);
 static const string user_mime = "application/x-x509-user-cert";
@@ -39,7 +31,7 @@ function proc_certificate(is_orig: bool, certificates : bytestring[]) : bool
 zeek::file_mgr->DataIn(reinterpret_cast(cert.data()), cert.length(), zeek_analyzer()->GetAnalyzerTag(),
- zeek_analyzer()->Conn(), is_orig ^ flipped_,
+ zeek_analyzer()->Conn(), is_orig ^ is_flipped,
 file_id, i == 0 ? user_mime : ca_mime);
 zeek::file_mgr->EndOfFile(file_id);
 }
diff --git a/src/analyzer/protocol/ssl/ssl-analyzer.pac b/src/analyzer/protocol/ssl/ssl-analyzer.pac
index 3f7543c39f..05badf63cc 100644
--- a/src/analyzer/protocol/ssl/ssl-analyzer.pac
+++ b/src/analyzer/protocol/ssl/ssl-analyzer.pac
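Review bot: The direction expression `is_orig ^ is_flipped` is written out twice in proc_certificate, once in `common.AddRaw(...)` where the file-handle description is built and again in the `zeek::file_mgr->DataIn(...)` call of the second hunk, and nothing ties the two copies together. Because this value appears to decide which endpoint a certificate is attributed to in file analysis, computing it once near the top, `const bool from_orig = is_orig != is_flipped;`, and using `from_orig` in both places would keep the handle and the data direction from drifting apart; `!=` also reads more clearly than bitwise `^` on two bools. With the old explanatory comment removed, the new parameter has no documentation, so a line such as `// is_flipped: caller's flipped state (presumably originator and responder swapped); inverts the reported direction` above the signature would help. The function body continues outside both hunks.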
@@ -103,7 +103,7 @@ refine connection SSL_Conn += {
 function proc_v2_certificate(is_orig: bool, cert : bytestring) : bool
 %{
 vector* cert_list = new vector(1,cert);
- bool ret = proc_certificate(is_orig, cert_list);
+ bool ret = proc_certificate(is_orig, zeek_analyzer()->GetFlipped(), cert_list);
 delete cert_list;
 return ret;
 %}
diff --git a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac
index 136821fc9a..9bfca7ac45 100644
--- a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac
+++ b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac
@@ -377,7 +377,7 @@ refine connection Handshake_Conn += {
 std::transform(certs->begin(), certs->end(), std::back_inserter(*cert_list), extract_certs());
- bool ret = proc_certificate(is_orig, cert_list);
+ bool ret = proc_certificate(is_orig, flipped_, cert_list);
 delete cert_list;
 return ret;
 %}
diff --git a/src/analyzer/protocol/ssl/tls-handshake.pac b/src/analyzer/protocol/ssl/tls-handshake.pac
index d1ca8b973c..00193bca72 100644
--- a/src/analyzer/protocol/ssl/tls-handshake.pac
+++ b/src/analyzer/protocol/ssl/tls-handshake.pac
@@ -8,7 +8,6 @@
 #include "zeek/analyzer/protocol/ssl/types.bif.h"
 #include "zeek/analyzer/protocol/ssl/events.bif.h"
-#define USE_FLIPPED
 %}
 analyzer TLSHandshake withcontext {
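Review bot: The two callers take the flipped state from different sources, `zeek_analyzer()->GetFlipped()` in proc_v2_certificate and the connection-local `flipped_` in the tls-handshake-analyzer.pac hunk, and neither call site says why. The comment removed from proc-certificate.pac recorded that each context only has one of the two available, so a one-line comment at each call, for example `// no flipped_ in this context; ask the analyzer`, would preserve that knowledge. Separately, `cert_list` is still created with `new` and released with `delete` around the call in both functions, so it leaks if proc_certificate exits by exception; a stack vector passed by address would avoid that, assuming proc_certificate does not retain the pointer. The function in the tls-handshake-analyzer.pac hunk starts outside its hunk.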