diff --git a/rtc_base/openssl_stream_adapter.cc b/rtc_base/openssl_stream_adapter.cc
index 9642674d45..e2c242bf0e 100644
--- a/rtc_base/openssl_stream_adapter.cc
+++ b/rtc_base/openssl_stream_adapter.cc
@@ -290,6 +290,10 @@ OpenSSLStreamAdapter::OpenSSLStreamAdapter(
       ssl_write_needs_read_(false),
       ssl_(nullptr),
       ssl_ctx_(nullptr),
+#ifdef OPENSSL_IS_BORINGSSL
+      permute_extension_(
+          webrtc::field_trial::IsEnabled("WebRTC-PermuteTlsClientHello")),
+#endif
       ssl_mode_(SSL_MODE_TLS),
       ssl_max_version_(SSL_PROTOCOL_TLS_12) {
   stream_->SignalEvent.connect(this, &OpenSSLStreamAdapter::OnEvent);
@@ -1069,8 +1073,7 @@ SSL_CTX* OpenSSLStreamAdapter::SetupSSLContext() {
   }
 
 #ifdef OPENSSL_IS_BORINGSSL
-  SSL_CTX_set_permute_extensions(
-      ctx, webrtc::field_trial::IsEnabled("WebRTC-PermuteTlsClientHello"));
+  SSL_CTX_set_permute_extensions(ctx, permute_extension_);
 #endif
 
   return ctx;
diff --git a/rtc_base/openssl_stream_adapter.h b/rtc_base/openssl_stream_adapter.h
index 34cadeb06c..3ef1363ed5 100644
--- a/rtc_base/openssl_stream_adapter.h
+++ b/rtc_base/openssl_stream_adapter.h
@@ -223,6 +223,10 @@ class OpenSSLStreamAdapter final : public SSLStreamAdapter,
   // Our key and certificate.
 #ifdef OPENSSL_IS_BORINGSSL
   std::unique_ptr<BoringSSLIdentity> identity_;
+  // We check and store the `WebRTC-PermuteTlsClientHello` field trial config in
+  // the constructor for convenience to allow tests to apply different
+  // configurations across instances.
+  const bool permute_extension_;
 #else
   std::unique_ptr<OpenSSLIdentity> identity_;
 #endif