diff --git a/tlsconn.go b/tlsconn.go
index c51f909f..d3a941be 100644
--- a/tlsconn.go
+++ b/tlsconn.go
@@ -22,3 +22,9 @@ type TLSConn interface {
 	// in time by the given context.
 	HandshakeContext(ctx context.Context) error
 }
+
+// TLSClientFactory is the factory used when creating connections
+// using a proxy inside of the HTTP library. By default, this is
+// the tls.Client function. You'll need to override this factory if
+// you want to use refraction-networking/utls for proxied conns.
+var TLSClientFactory = tls.Client
diff --git a/transport.go b/transport.go
index eb2b087e..402017e6 100644
--- a/transport.go
+++ b/transport.go
@@ -1519,7 +1519,7 @@ func (pconn *persistConn) addTLS(ctx context.Context, name string, trace *httptr
 		cfg.NextProtos = nil
 	}
 	plainConn := pconn.conn
-	tlsConn := tls.Client(plainConn, cfg)
+	tlsConn := TLSClientFactory(plainConn, cfg)
 	errc := make(chan error, 2)
 	var timer *time.Timer // for canceling TLS handshake
 	if d := pconn.t.TLSHandshakeTimeout; d != 0 {