diff --git a/docs/client.md b/docs/client.md
index 77b325b..581bb9e 100644
--- a/docs/client.md
+++ b/docs/client.md
@@ -31,6 +31,7 @@ client is:
 ||timeout||How long the client should let operations live for before timing out. Default is Infinity.||
 ||connectTimeout||How long the client should wait before timing out on TCP connections. Default is up to the OS.||
 ||maxConnections||Whether or not to enable connection pooling, and if so, how many to maintain.||
+||tlsOptions||Additional [options](http://nodejs.org/api/tls.html#tls_tls_connect_port_host_options_callback) passed to the TLS connection layer when connecting via `ldaps://`||
 
 If using connection pooling, you can additionally pass in:
 
diff --git a/lib/client/client.js b/lib/client/client.js
index 33af458..0784fc9 100644
--- a/lib/client/client.js
+++ b/lib/client/client.js
@@ -231,6 +231,7 @@ function Client(options) {
   this.log = options.log.child({clazz: 'Client'}, true);
   this.port = _url ? _url.port : false;
   this.secure = _url ? _url.secure : false;
+  this.tlsOptions = options.tlsOptions;
   this.socketPath = options.socketPath || false;
   this.timeout = parseInt((options.timeout || 0), 10);
   this.url = _url;
@@ -721,7 +722,7 @@ Client.prototype._connect = function _connect() {
     self.emit('connect', socket);
   }
 
-  socket = proto.connect((this.port || this.socketPath), this.host);
+  socket = proto.connect((this.port || this.socketPath), this.host, this.secure ? this.tlsOptions : null);
 
   socket.once('connect', onConnect);
   socket.once('secureConnect', onConnect);
diff --git a/lib/client/pool.js b/lib/client/pool.js
index e6e947c..ea770b6 100644
--- a/lib/client/pool.js
+++ b/lib/client/pool.js
@@ -115,7 +115,8 @@ function ClientPool(options) {
     log: options.log,
     socketPath: options.socketPath,
     timeout: (options.timeout || 0),
-    url: options.url
+    url: options.url,
+    tlsOptions: options.tlsOptions
   };
   this.pool = createPool(options);
 }