diff --git a/network/h2c.go b/network/h2c.go
index ebf1ee8a2a..e1671233dc 100644
--- a/network/h2c.go
+++ b/network/h2c.go
@@ -59,13 +59,11 @@ func newH2CTransport(disableCompression bool) http.RoundTripper {
 
 // newH2Transport constructs a neew H2 transport. That transport will handles HTTPS traffic
 // with TLS config.
-func newH2Transport(disableCompression bool, tlsConf *tls.Config) http.RoundTripper {
+func newH2Transport(disableCompression bool, tlsContext DialTLSContextFunc) http.RoundTripper {
 	return &http2.Transport{
 		DisableCompression: disableCompression,
-		DialTLS: func(netw, addr string, tlsConf *tls.Config) (net.Conn, error) {
-			return DialTLSWithBackOff(context.Background(),
-				netw, addr, tlsConf)
+		DialTLSContext: func(ctx context.Context, network, addr string, cfg *tls.Config) (net.Conn, error) {
+			return tlsContext(ctx, network, addr)
 		},
-		TLSClientConfig: tlsConf,
 	}
 }
diff --git a/network/transports.go b/network/transports.go
index d48cd62151..1199359e23 100644
--- a/network/transports.go
+++ b/network/transports.go
@@ -127,7 +127,9 @@ func newHTTPTransport(disableKeepAlives, disableCompression bool, maxIdle, maxId
 	return transport
 }
 
-func newHTTPSTransport(disableKeepAlives, disableCompression bool, maxIdle, maxIdlePerHost int, tlsConf *tls.Config) http.RoundTripper {
+type DialTLSContextFunc func(ctx context.Context, network, addr string) (net.Conn, error)
+
+func newHTTPSTransport(disableKeepAlives, disableCompression bool, maxIdle, maxIdlePerHost int, tlsContext DialTLSContextFunc) http.RoundTripper {
 	transport := http.DefaultTransport.(*http.Transport).Clone()
 	transport.DialContext = DialWithBackOff
 	transport.DisableKeepAlives = disableKeepAlives
@@ -135,8 +137,8 @@ func newHTTPSTransport(disableKeepAlives, disableCompression bool, maxIdle, maxI
 	transport.MaxIdleConnsPerHost = maxIdlePerHost
 	transport.ForceAttemptHTTP2 = false
 	transport.DisableCompression = disableCompression
+	transport.DialTLSContext = tlsContext
 
-	transport.TLSClientConfig = tlsConf
 	return transport
 }
 
@@ -149,10 +151,10 @@ func NewProberTransport() http.RoundTripper {
 }
 
 // NewProxyAutoTLSTransport is same with NewProxyAutoTransport but it has tls.Config to create HTTPS request.
-func NewProxyAutoTLSTransport(maxIdle, maxIdlePerHost int, tlsConf *tls.Config) http.RoundTripper {
+func NewProxyAutoTLSTransport(maxIdle, maxIdlePerHost int, tlsContext DialTLSContextFunc) http.RoundTripper {
 	return newAutoTransport(
-		newHTTPSTransport(false /*disable keep-alives*/, true /*disable auto-compression*/, maxIdle, maxIdlePerHost, tlsConf),
-		newH2Transport(true /*disable auto-compression*/, tlsConf))
+		newHTTPSTransport(false /*disable keep-alives*/, true /*disable auto-compression*/, maxIdle, maxIdlePerHost, tlsContext),
+		newH2Transport(true /*disable auto-compression*/, tlsContext))
 }
 
 // NewAutoTransport creates a RoundTripper that can use appropriate transport