diff --git a/api.go b/api.go
index b8f2f00..030d722 100644
--- a/api.go
+++ b/api.go
@@ -300,7 +300,7 @@ func (a *Api) CreateTunnel(tokenData TokenData, params url.Values) (*Tunnel, err
 }
 tlsTerm := params.Get("tls-termination")
- if tlsTerm != "server" && tlsTerm != "client" && tlsTerm != "passthrough" {
+ if tlsTerm != "server" && tlsTerm != "client" && tlsTerm != "passthrough" && tlsTerm != "client-tls" {
 return nil, errors.New("Invalid tls-termination parameter")
 }
diff --git a/boringproxy.go b/boringproxy.go
index 7d67f5e..fc4e90f 100644
--- a/boringproxy.go
+++ b/boringproxy.go
@@ -334,7 +334,7 @@ func (p *Server) handleConnection(clientConn net.Conn) {
 tunnel, exists := p.db.GetTunnel(clientHello.ServerName)
- if exists && (tunnel.TlsTermination == "client" || tunnel.TlsTermination == "passthrough") {
+ if exists && (tunnel.TlsTermination == "client" || tunnel.TlsTermination == "passthrough") || tunnel.TlsTermination == "client-tls" {
 p.passthroughRequest(passConn, tunnel)
 } else {
 p.httpListener.PassConn(passConn)
diff --git a/client.go b/client.go
index 0a5903a..1039836 100644
--- a/client.go
+++ b/client.go
@@ -320,6 +320,18 @@ func (c *Client) BoreTunnel(ctx context.Context, tunnel Tunnel) error {
 } else {
+ if tunnel.TlsTermination == "client-tls" {
+ tlsConfig := &tls.Config{
+ GetCertificate: c.certConfig.GetCertificate,
+ }
+
+ tlsConfig.NextProtos = append([]string{"http/1.1", "h2", "acme-tls/1"}, tlsConfig.NextProtos...)
+
+ tlsListener := tls.NewListener(listener, tlsConfig)
+
+ listener = tlsListener
+ }
+
 go func() {
 for {
 conn, err := listener.Accept()
diff --git a/templates/edit_tunnel.tmpl b/templates/edit_tunnel.tmpl
index 2cc11f4..a06942f 100644
--- a/templates/edit_tunnel.tmpl
+++ b/templates/edit_tunnel.tmpl
@@ -11,6 +11,15 @@
+
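Review bot: The set of accepted tls-termination modes in api.go's CreateTunnel is now a four-term chain of bare string comparisons, and the same literals are compared again in boringproxy.go's handleConnection and client.go's BoreTunnel, so validation and routing can drift apart the next time a mode is added. A switch keeps the allow-list readable: `switch tlsTerm { case "server", "client", "passthrough", "client-tls": default: return nil, errors.New("Invalid tls-termination parameter") }`, ideally with the mode names held in shared constants. CreateTunnel's body starts and ends outside the hunk.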
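Review bot: In boringproxy.go's handleConnection the added `|| tunnel.TlsTermination == "client-tls"` sits outside the parentheses, and since `&&` binds tighter than `||` in Go the condition parses as `(exists && (...)) || tunnel.TlsTermination == "client-tls"`, so the new comparison is no longer guarded by `exists`. The lookup key is the client-supplied SNI name, so for a name with no tunnel the routing decision now rests on whatever GetTunnel returns on a miss. A zero-value struct would make that harmless today, while a pointer would be dereferenced as nil; the return type is not visible in the hunk. Move the term inside the group: `if exists && (tunnel.TlsTermination == "client" || tunnel.TlsTermination == "passthrough" || tunnel.TlsTermination == "client-tls") {`. handleConnection's body starts and ends outside the hunk.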
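Review bot: The tls.Config built for "client-tls" in client.go's BoreTunnel sets no MinVersion, so the lowest protocol version this listener accepts depends on the Go toolchain default rather than on the code. `tlsConfig.NextProtos` is still nil when it is appended, so the `append` adds nothing, and both settings can go in the literal: `tlsConfig := &tls.Config{GetCertificate: c.certConfig.GetCertificate, NextProtos: []string{"http/1.1", "h2", "acme-tls/1"}, MinVersion: tls.VersionTLS12}`. Advertising `h2` should be checked against what the accept loop does with the decrypted connection, because the upstream must then be able to speak HTTP/2; that loop and the rest of BoreTunnel lie outside the hunk. A short comment such as `// client-tls: TLS terminates here on the client; conns accepted below are plaintext` would document the trust boundary this branch introduces.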