diff --git a/src/classes/Agent.js b/src/classes/Agent.js
index 07e40d40..70f8bbfb 100644
--- a/src/classes/Agent.js
+++ b/src/classes/Agent.js
@@ -120,8 +120,37 @@ class Agent {
 host: configuration.hostname || configuration.host,
 port: configuration.port || 80,
 proxy,
+ tls: {},
 };
+ // add optional tls options for https requests.
+ // @see https://nodejs.org/docs/latest-v12.x/api/https.html#https_https_request_url_options_callback :
+ // > The following additional options from tls.connect()
+ // > - https://nodejs.org/docs/latest-v12.x/api/tls.html#tls_tls_connect_options_callback -
+ // > are also accepted:
+ // > ca, cert, ciphers, clientCertEngine, crl, dhparam, ecdhCurve, honorCipherOrder,
+ // > key, passphrase, pfx, rejectUnauthorized, secureOptions, secureProtocol, servername, sessionIdContext.
+ if (this.protocol === 'https:') {
+ connectionConfiguration.tls = {
+ ca: configuration.ca,
+ cert: configuration.cert,
+ ciphers: configuration.ciphers,
+ clientCertEngine: configuration.clientCertEngine,
+ crl: configuration.crl,
+ dhparam: configuration.dhparam,
+ ecdhCurve: configuration.ecdhCurve,
+ honorCipherOrder: configuration.honorCipherOrder,
+ key: configuration.key,
+ passphrase: configuration.passphrase,
+ pfx: configuration.pfx,
+ rejectUnauthorized: configuration.rejectUnauthorized,
+ secureOptions: configuration.secureOptions,
+ secureProtocol: configuration.secureProtocol,
+ servername: configuration.servername || connectionConfiguration.host,
+ sessionIdContext: configuration.sessionIdContext,
+ };
+ }
+
 // $FlowFixMe It appears that Flow is missing the method description.
 this.createConnection(connectionConfiguration, (error, socket) => {
 log.trace({
diff --git a/src/classes/HttpsProxyAgent.js b/src/classes/HttpsProxyAgent.js
index dd87a75b..727a809c 100644
--- a/src/classes/HttpsProxyAgent.js
+++ b/src/classes/HttpsProxyAgent.js
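Review bot: The new `connectionConfiguration.tls` literal sets every key even when the caller left it out, so `rejectUnauthorized: configuration.rejectUnauthorized` is normally an explicit `undefined` that the spread in HttpsProxyAgent.js then hands to `tls.connect()`. An explicit `undefined` replaces Node's own default instead of falling back to it, and some Node.js releases have treated that falsy value as "do not reject", which would silently leave certificate verification off; please confirm this against the Node versions the project supports. Copying only the options the caller actually defined avoids the problem, as sketched below. The same object now carries `key`, `passphrase` and `pfx`, so it is also worth checking that the `log.trace` call that follows (its body is outside the hunk) never serialises `connectionConfiguration`.

```javascript
// … unchanged: connectionConfiguration literal, including `tls: {}` …
if (this.protocol === 'https:') {
  const tlsOptions = {
    servername: configuration.servername || connectionConfiguration.host,
  };

  for (const name of [
    'ca', 'cert', 'ciphers', 'clientCertEngine', 'crl', 'dhparam', 'ecdhCurve',
    'honorCipherOrder', 'key', 'passphrase', 'pfx', 'rejectUnauthorized',
    'secureOptions', 'secureProtocol', 'sessionIdContext',
  ]) {
    // Leave unset options out so tls.connect() applies its own defaults.
    if (configuration[name] !== undefined) {
      tlsOptions[name] = configuration[name];
    }
  }

  connectionConfiguration.tls = tlsOptions;
}
```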
@@ -29,8 +29,7 @@ class HttpsProxyAgent extends Agent {
 socket.once('data', () => {
 const secureSocket = tls.connect({
- rejectUnauthorized: false,
- servername: configuration.host,
+ ... configuration.tls,
 socket,
 });
diff --git a/src/types.js b/src/types.js
index c012a74c..e2f1a993 100644
--- a/src/types.js
+++ b/src/types.js
@@ -19,9 +19,29 @@ export type ProxyConfigurationType = {|
 +port: number,
 |};
+export type TlsConfigurationType = {|
+ +ca?: string,
+ +cert?: string,
+ +ciphers?: string,
+ +clientCertEngine?: string,
+ +crl?: string,
+ +dhparam?: string,
+ +ecdhCurve?: string,
+ +honorCipherOrder?: boolean,
+ +key?: string,
+ +passphrase?: string,
+ +pfx?: string,
+ +rejectUnauthorized?: boolean,
+ +secureOptions?: number,
+ +secureProtocol?: string,
+ +servername?: string,
+ +sessionIdContext?: string,
+|};
+
 export type ConnectionConfigurationType = {|
 +host: string,
 +port: number,
+ +tls?: TlsConfigurationType,
 +proxy: ProxyConfigurationType,
 |};
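Review bot: Nothing at the `tls.connect()` call records that certificate verification is now caller-controlled: the removed lines forced `rejectUnauthorized: false`, and after this change the behaviour depends entirely on what Agent.js put into `configuration.tls`. A comment above the spread such as `// TLS options are assembled in Agent.js; verification follows Node's default unless the caller sets rejectUnauthorized` would make that dependency visible to the next reader. Because `tls` is optional in `ConnectionConfigurationType`, a configuration built anywhere other than Agent.js would reach this call without `servername`, so it is worth confirming that no other caller exists. The enclosing callback continues outside the hunk.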
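Review bot: In `TlsConfigurationType`, `ca`, `cert`, `crl`, `key` and `pfx` are declared as `string` only, while the Node tls options referenced in Agent.js also accept Buffers and arrays of them. PKCS#12 data in `pfx` is binary, so a string-only type pushes callers toward lossy conversions or `any` casts around key material. Widening the declarations, for example `+pfx?: string | Buffer,` and `+ca?: string | Buffer | $ReadOnlyArray<string | Buffer>,`, keeps Flow checking the values that actually reach `tls.connect()`. A one-line comment on `+rejectUnauthorized` stating that leaving it unset is meant to keep verification on would also document the intended default.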