diff --git a/Cargo.lock b/Cargo.lock
index 69aff11a2d..ba073214cd 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1375,6 +1375,7 @@ dependencies = [
  "tokio",
  "tokio-rustls",
  "tower-service",
+ "webpki-roots",
 ]
 
 [[package]]
@@ -2258,6 +2259,7 @@ dependencies = [
  "wasm-bindgen-futures",
  "wasm-streams",
  "web-sys",
+ "webpki-roots",
 ]
 
 [[package]]
@@ -3400,6 +3402,15 @@ dependencies = [
  "wasm-bindgen",
 ]
 
+[[package]]
+name = "webpki-roots"
+version = "1.0.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7e8983c3ab33d6fb807cfcdad2491c4ea8cbc8ed839181c7dfd9c67c83e261b2"
+dependencies = [
+ "rustls-pki-types",
+]
+
 [[package]]
 name = "winapi"
 version = "0.3.9"
diff --git a/Cargo.toml b/Cargo.toml
index 45abfa0628..e35ff59f81 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -49,6 +49,7 @@ path = "sdk/typespec/typespec_macros"
 [workspace.dependencies.azure_core]
 version = "0.27.0"
 path = "sdk/core/azure_core"
+default-features = false
 
 [workspace.dependencies.azure_core_macros]
 version = "0.1.0"
diff --git a/sdk/core/azure_core/Cargo.toml b/sdk/core/azure_core/Cargo.toml
index ae635176e9..f08ecf027a 100644
--- a/sdk/core/azure_core/Cargo.toml
+++ b/sdk/core/azure_core/Cargo.toml
@@ -28,7 +28,7 @@ sha2 = { workspace = true, optional = true }
 tokio = { workspace = true, optional = true }
 tracing.workspace = true
 typespec = { workspace = true, features = ["http", "json"] }
-typespec_client_core = { workspace = true, features = [
+typespec_client_core = { workspace = true, default-features = false, features = [
   "derive",
   "http",
   "json",
@@ -58,10 +58,16 @@ azurite_workaround = []
 debug = ["typespec_client_core/debug"]
 hmac_openssl = ["dep:openssl"]
 hmac_rust = ["dep:sha2", "dep:hmac"]
-reqwest = ["typespec_client_core/reqwest"]
+reqwest = ["typespec_client_core/reqwest_native_tls"]
 reqwest_deflate = ["typespec_client_core/reqwest_deflate"]
 reqwest_gzip = ["typespec_client_core/reqwest_gzip"]
-reqwest_rustls = ["typespec_client_core/reqwest_rustls"]
+reqwest_rustls = ["reqwest_rustls_native_roots"]
+reqwest_rustls_native_roots = [
+  "typespec_client_core/reqwest_rustls_native_roots",
+]
+reqwest_rustls_webpki_roots = [
+  "typespec_client_core/reqwest_rustls_webpki_roots",
+]
 test = ["typespec_client_core/test"]
 tokio = ["dep:tokio", "typespec_client_core/tokio"]
 xml = ["typespec_client_core/xml"]
diff --git a/sdk/core/azure_core/README.md b/sdk/core/azure_core/README.md
index 884333ce0b..1f51856de6 100644
--- a/sdk/core/azure_core/README.md
+++ b/sdk/core/azure_core/README.md
@@ -50,7 +50,8 @@ We guarantee that all client instance methods are thread-safe and independent of
 - `reqwest` (default): enables and sets `reqwest` as the default `HttpClient`. Enables `reqwest`'s `native-tls` feature.
 - `reqwest_deflate` (default): enables deflate compression for `reqwest`.
 - `reqwest_gzip` (default): enables gzip compression for `reqwest`.
-- `reqwest_rustls`: enables `reqwest`'s `rustls-tls-native-roots-no-provider` feature,
+- `reqwest_rustls_native_roots`: enables `reqwest`'s `rustls-tls-native-roots-no-provider` feature,
+- `reqwest_rustls_webpki_roots`: enables `reqwest`'s `rustls-tls-webpki-roots-no-provider` feature,
 - `tokio`: enables and sets `tokio` as the default async runtime.
 - `xml`: enables XML support.
 
diff --git a/sdk/identity/azure_identity/Cargo.toml b/sdk/identity/azure_identity/Cargo.toml
index 3fb5f98b4e..9ba927d184 100644
--- a/sdk/identity/azure_identity/Cargo.toml
+++ b/sdk/identity/azure_identity/Cargo.toml
@@ -23,7 +23,9 @@ serde.workspace = true
 time.workspace = true
 tokio = { workspace = true, optional = true }
 tracing.workspace = true
-typespec_client_core = { workspace = true, features = ["derive"] }
+typespec_client_core = { workspace = true, default-features = false, features = [
+  "derive",
+] }
 url.workspace = true
 
 [dev-dependencies]
@@ -39,7 +41,9 @@ tracing-subscriber.workspace = true
 [features]
 default = ["reqwest"]
 reqwest = ["azure_core/reqwest"]
-reqwest_rustls = ["azure_core/reqwest_rustls"]
+reqwest_rustls = ["reqwest_rustls_native_roots"]
+reqwest_rustls_native_roots = ["azure_core/reqwest_rustls_native_roots"]
+reqwest_rustls_webpki_roots = ["azure_core/reqwest_rustls_webpki_roots"]
 tokio = ["dep:tokio", "azure_core/tokio", "tokio/process"]
 client_certificate = ["openssl"]
 
diff --git a/sdk/keyvault/azure_security_keyvault_certificates/Cargo.toml b/sdk/keyvault/azure_security_keyvault_certificates/Cargo.toml
index 4d44540b6d..657d636648 100644
--- a/sdk/keyvault/azure_security_keyvault_certificates/Cargo.toml
+++ b/sdk/keyvault/azure_security_keyvault_certificates/Cargo.toml
@@ -15,7 +15,9 @@ categories = ["api-bindings"]
 
 [dependencies]
 async-trait = { workspace = true }
-azure_core = { workspace = true }
+azure_core = { workspace = true, features = [
+  "default",
+] }
 futures = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }
diff --git a/sdk/keyvault/azure_security_keyvault_keys/Cargo.toml b/sdk/keyvault/azure_security_keyvault_keys/Cargo.toml
index bcc5142fa9..062ed41dca 100644
--- a/sdk/keyvault/azure_security_keyvault_keys/Cargo.toml
+++ b/sdk/keyvault/azure_security_keyvault_keys/Cargo.toml
@@ -15,7 +15,9 @@ categories = ["api-bindings"]
 
 [dependencies]
 async-trait = { workspace = true }
-azure_core = { workspace = true }
+azure_core = { workspace = true, features = [
+  "default",
+] }
 futures = { workspace = true }
 serde = { workspace = true }
 serde_json = { workspace = true }
diff --git a/sdk/keyvault/azure_security_keyvault_secrets/Cargo.toml b/sdk/keyvault/azure_security_keyvault_secrets/Cargo.toml
index f0913b3279..e580d77780 100644
--- a/sdk/keyvault/azure_security_keyvault_secrets/Cargo.toml
+++ b/sdk/keyvault/azure_security_keyvault_secrets/Cargo.toml
@@ -15,7 +15,9 @@ categories = ["api-bindings"]
 
 [dependencies]
 async-trait = { workspace = true }
-azure_core = { workspace = true }
+azure_core = { workspace = true, features = [
+  "default",
+] }
 futures = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }
diff --git a/sdk/storage/azure_storage_blob/Cargo.toml b/sdk/storage/azure_storage_blob/Cargo.toml
index 9927c8d34e..7921a04dca 100644
--- a/sdk/storage/azure_storage_blob/Cargo.toml
+++ b/sdk/storage/azure_storage_blob/Cargo.toml
@@ -17,7 +17,7 @@ categories = ["api-bindings"]
 
 [dependencies]
 async-trait.workspace = true
-azure_core = { workspace = true, features = ["xml"] }
+azure_core = { workspace = true, features = ["default", "xml"] }
 serde.workspace = true
 typespec_client_core = { workspace = true, features = ["derive"] }
 url.workspace = true
diff --git a/sdk/typespec/typespec_client_core/CHANGELOG.md b/sdk/typespec/typespec_client_core/CHANGELOG.md
index 26fbd3c6e6..d94769ff54 100644
--- a/sdk/typespec/typespec_client_core/CHANGELOG.md
+++ b/sdk/typespec/typespec_client_core/CHANGELOG.md
@@ -6,6 +6,8 @@
 
 ### Breaking Changes
 
+- Renamed the `reqwest` feature into `reqwest_native_tls` so that cargo would not auto-enable `reqwest/native-tls` for other TLS provider  (like e.g. `reqwest_rustls`).
+
 ### Bugs Fixed
 
 ### Other Changes
diff --git a/sdk/typespec/typespec_client_core/Cargo.toml b/sdk/typespec/typespec_client_core/Cargo.toml
index 7032a61fb6..4016de8568 100644
--- a/sdk/typespec/typespec_client_core/Cargo.toml
+++ b/sdk/typespec/typespec_client_core/Cargo.toml
@@ -19,7 +19,7 @@ futures.workspace = true
 pin-project.workspace = true
 quick-xml = { workspace = true, optional = true }
 rand.workspace = true
-reqwest = { workspace = true, optional = true }
+reqwest = { workspace = true, default-features = false, optional = true }
 rust_decimal = { workspace = true, optional = true }
 serde.workspace = true
 serde_json.workspace = true
@@ -45,17 +45,25 @@ tracing-subscriber.workspace = true
 typespec_macros.path = "../typespec_macros"
 
 [features]
-default = ["http", "json", "reqwest", "reqwest_deflate", "reqwest_gzip"]
+default = [
+  "http",
+  "json",
+  "reqwest_native_tls",
+  "reqwest_deflate",
+  "reqwest_gzip",
+]
 debug = ["typespec_macros?/debug"]
 derive = ["dep:typespec_macros"]
 http = ["typespec/http"]
 json = ["typespec/json"]
-reqwest = ["reqwest/native-tls"]
+reqwest_native_tls = ["reqwest/native-tls"]
 reqwest_deflate = ["reqwest/deflate"]
 reqwest_gzip = ["reqwest/gzip"]
-reqwest_rustls = [
+reqwest_rustls = ["reqwest_rustls_native_roots"]
+reqwest_rustls_native_roots = [
   "reqwest/rustls-tls-native-roots-no-provider",
 ] # Remove dependency on banned `ring` crate; requires manually configuring crypto provider.
+reqwest_rustls_webpki_roots = ["reqwest/rustls-tls-webpki-roots-no-provider"]
 test = [] # Enables extra tracing including error bodies that may contain PII.
 tokio = ["tokio/fs", "tokio/sync", "tokio/time", "tokio/io-util"]
 xml = ["dep:quick-xml"]
diff --git a/sdk/typespec/typespec_client_core/README.md b/sdk/typespec/typespec_client_core/README.md
index ce27b03f9e..ac14c51aff 100644
--- a/sdk/typespec/typespec_client_core/README.md
+++ b/sdk/typespec/typespec_client_core/README.md
@@ -11,7 +11,8 @@ This is the runtime for [TypeSpec](https://typespec.io)-generated clients.
 * `reqwest` (default): enables and sets `reqwest` as the default `HttpClient`. Enables `reqwest`'s `native-tls` feature.
 * `reqwest_deflate` (default): enables deflate compression for `reqwest`.
 * `reqwest_gzip` (default): enables gzip compression for `reqwest`.
-* `reqwest_rustls`: enables `reqwest`'s `rustls-tls-native-roots-no-provider` feature,
+* `reqwest_rustls_native_roots`: enables `reqwest`'s `rustls-tls-native-roots-no-provider` feature,
+* `reqwest_rustls_webpki_roots`: enables `reqwest`'s `rustls-tls-webpki-roots-no-provider` feature,
   which requires manually configuring a cryptography provider since `ring` is a banned dependency.
 * `tokio`: enables and sets `tokio` as the default async runtime.
 * `xml`: enables XML support.
diff --git a/sdk/typespec/typespec_client_core/src/http/clients/mod.rs b/sdk/typespec/typespec_client_core/src/http/clients/mod.rs
index b875bdd4ef..10c9abd6e1 100644
--- a/sdk/typespec/typespec_client_core/src/http/clients/mod.rs
+++ b/sdk/typespec/typespec_client_core/src/http/clients/mod.rs
@@ -3,14 +3,30 @@
 
 //! Built-in HTTP clients.
 
-#[cfg(not(any(feature = "reqwest", feature = "reqwest_rustls")))]
+#[cfg(not(any(
+    feature = "reqwest",
+    feature = "reqwest_rustls_native_roots",
+    feature = "reqwest_rustls_webpki_roots"
+)))]
 mod noop;
-#[cfg(any(feature = "reqwest", feature = "reqwest_rustls"))]
+#[cfg(any(
+    feature = "reqwest",
+    feature = "reqwest_rustls_native_roots",
+    feature = "reqwest_rustls_webpki_roots"
+))]
 mod reqwest;
 
-#[cfg(not(any(feature = "reqwest", feature = "reqwest_rustls")))]
+#[cfg(not(any(
+    feature = "reqwest",
+    feature = "reqwest_rustls_native_roots",
+    feature = "reqwest_rustls_webpki_roots"
+)))]
 use self::noop::new_noop_client;
-#[cfg(any(feature = "reqwest", feature = "reqwest_rustls"))]
+#[cfg(any(
+    feature = "reqwest",
+    feature = "reqwest_rustls_native_roots",
+    feature = "reqwest_rustls_webpki_roots"
+))]
 use self::reqwest::new_reqwest_client;
 
 use crate::http::{RawResponse, Request};
@@ -20,11 +36,19 @@ use typespec::error::Result;
 
 /// Create a new [`HttpClient`].
 pub fn new_http_client() -> Arc<dyn HttpClient> {
-    #[cfg(any(feature = "reqwest", feature = "reqwest_rustls"))]
+    #[cfg(any(
+        feature = "reqwest",
+        feature = "reqwest_rustls_native_roots",
+        feature = "reqwest_rustls_webpki_roots"
+    ))]
     {
         new_reqwest_client()
     }
-    #[cfg(not(any(feature = "reqwest", feature = "reqwest_rustls")))]
+    #[cfg(not(any(
+        feature = "reqwest",
+        feature = "reqwest_rustls_native_roots",
+        feature = "reqwest_rustls_webpki_roots"
+    )))]
     {
         new_noop_client()
     }