diff --git a/main.go b/main.go
index 2cd5cf7ee..94ddb2f23 100644
--- a/main.go
+++ b/main.go
@@ -151,7 +151,7 @@ func startEtcd() {
 		n = raft.RestartNode(id, peers.IDs(), 10, 1, snapshot, st, ents)
 	}
 
-	pt, err := transport.NewTransport()
+	pt, err := transport.NewTransport(transport.TLSInfo{})
 	if err != nil {
 		log.Fatal(err)
 	}
diff --git a/transport/listener.go b/transport/listener.go
index 2f1ea7e56..32e8f281b 100644
--- a/transport/listener.go
+++ b/transport/listener.go
@@ -29,7 +29,7 @@ func NewListener(addr string, info TLSInfo) (net.Listener, error) {
 	return l, nil
 }
 
-func NewTransport() (*http.Transport, error) {
+func NewTransport(info TLSInfo) (*http.Transport, error) {
 	t := &http.Transport{
 		// timeouts taken from http.DefaultTransport
 		Dial: (&net.Dialer{
@@ -38,6 +38,15 @@ func NewTransport() (*http.Transport, error) {
 		}).Dial,
 		TLSHandshakeTimeout: 10 * time.Second,
 	}
+
+	if !info.Empty() {
+		tlsCfg, err := info.ClientConfig()
+		if err != nil {
+			return nil, err
+		}
+		t.TLSClientConfig = tlsCfg
+	}
+
 	return t, nil
 }