Correct configuration for DoT with unbound ?

[hushcoden]

Trying to configure DoT with Unbound and I've found three different settings to insert in the custom options field, very similar, just slightly different, so which one is the correct one, SSL or TLS, with or without the DNS names ?

1) server:
    forward-zone:
    name: "."
    forward-ssl-upstream: yes
    forward-addr: 9.9.9.9@853
    forward-addr: 149.112.112.112@853

2) server:
    forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853
    forward-addr: 149.112.112.112@853

3) server:
    forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net

Thanks.