diff --git a/client.go b/client.go
index 47e53c42d..f19759b6c 100644
--- a/client.go
+++ b/client.go
@@ -2,6 +2,7 @@ package sentry
 
 import (
 "context"
+ "crypto/tls"
 "crypto/x509"
 "fmt"
 "io"
@@ -229,6 +230,8 @@ type ClientOptions struct {
 // This will default to the HTTPS_PROXY environment variable.
 // HTTPS_PROXY takes precedence over HTTP_PROXY for https requests.
 HTTPSProxy string
+ // An optional tls config.
+ TLSConfig *tls.Config
 // An optional set of SSL certificates to use.
 CaCerts *x509.CertPool
 // MaxErrorDepth is the maximum number of errors reported in a chain of errors.
diff --git a/transport.go b/transport.go
index 487e54c17..3ed4c5b7c 100644
--- a/transport.go
+++ b/transport.go
@@ -3,7 +3,6 @@ package sentry
 import (
 "bytes"
 "context"
- "crypto/tls"
 "encoding/json"
 "errors"
 "fmt"
@@ -60,18 +59,6 @@ func getProxyConfig(options ClientOptions) func(*http.Request) (*url.URL, error)
 return http.ProxyFromEnvironment
 }
 
-func getTLSConfig(options ClientOptions) *tls.Config {
- if options.CaCerts != nil {
- // #nosec G402 -- We should be using `MinVersion: tls.VersionTLS12`,
- // but we don't want to break peoples code without the major bump.
- return &tls.Config{
- RootCAs: options.CaCerts,
- }
- }
-
- return nil
-}
-
 func getRequestBodyFromEvent(event *Event) []byte {
 body, err := json.Marshal(event)
 if err == nil {
diff --git a/util.go b/util.go
index 54524304e..264cce92a 100644
--- a/util.go
+++ b/util.go
@@ -1,6 +1,7 @@
 package sentry
 
 import (
+ "crypto/tls"
 "encoding/json"
 "fmt"
 "os"
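Review bot: The new field comment in `ClientOptions` (`// An optional tls config.`) does not say how `TLSConfig` combines with the adjacent `CaCerts` field, and it does not start with the field name the way the neighbouring `MaxErrorDepth` comment does. Per `getTLSConfig` in the util.go hunk, the supplied config is cloned and `CaCerts` is copied into `RootCAs` only when that config has no `RootCAs` of its own, so a caller who sets both can end up trusting a different root set than the pool passed in `CaCerts`. Suggested wording: `// TLSConfig is an optional TLS configuration; it is cloned before use.` followed by `// CaCerts is applied only when TLSConfig.RootCAs is nil.` The struct body starts and ends outside this hunk.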
@@ -109,3 +110,24 @@ func revisionFromBuildInfo(info *debug.BuildInfo) string {
 func Pointer[T any](v T) *T {
 return &v
 }
+
+func getTLSConfig(options ClientOptions) *tls.Config {
+ if options.TLSConfig == nil && options.CaCerts == nil {
+ return nil
+ }
+
+ var tlsConfig *tls.Config
+ if options.TLSConfig != nil {
+ tlsConfig = options.TLSConfig.Clone()
+ } else {
+ // #nosec G402 -- We should be using `MinVersion: tls.VersionTLS12`,
+ // but we don't want to break peoples code without the major bump.
+ tlsConfig = &tls.Config{}
+ }
+
+ if tlsConfig.RootCAs == nil && options.CaCerts != nil {
+ tlsConfig.RootCAs = options.CaCerts
+ }
+
+ return tlsConfig
+}
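Review bot: The `#nosec G402` rationale carried into the `else` branch of `getTLSConfig` looks stale, and the branch relevant to the linter's concern is now the other one. This file already requires Go 1.18+ (it uses generics in `Pointer[T any]`), and from that release crypto/tls clients default to a TLS 1.2 minimum, so, assuming this config is only used for outbound connections, the empty `&tls.Config{}` is not the weak spot. A caller-supplied `TLSConfig` is cloned and returned with whatever `MinVersion` or `InsecureSkipVerify` it carries, and nothing in the hunk records that as intentional. I would reword the comment to say so and add a doc comment such as `// getTLSConfig returns a clone of options.TLSConfig, or a new config when only CaCerts is set, and nil when neither is set.` No test for the four TLSConfig/CaCerts combinations appears in the visible hunks; one may exist elsewhere in the commit.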