diff --git a/holaapi.go b/holaapi.go
index e4d9818..bef1b25 100644
--- a/holaapi.go
+++ b/holaapi.go
@@ -3,7 +3,6 @@ package main
 import (
 	"bytes"
 	"context"
-	"crypto/tls"
 	"crypto/x509"
 	"encoding/base64"
 	"encoding/hex"
@@ -24,6 +23,7 @@ import (
 	"github.com/campoy/unique"
 	"github.com/cenkalti/backoff/v4"
 	"github.com/google/uuid"
+	tls "github.com/refraction-networking/utls"
 )
 
 const EXT_BROWSER = "chrome"
@@ -401,7 +401,6 @@ func httpClientWithProxy(agent *FallbackAgent) *http.Client {
 		IdleConnTimeout:       90 * time.Second,
 		TLSHandshakeTimeout:   10 * time.Second,
 		ExpectContinueTimeout: 1 * time.Second,
-		TLSClientConfig:       tlsConfig,
 	}
 	var dialer ContextDialer = baseDialer
 	var rootCAs *x509.CertPool
@@ -412,6 +411,26 @@ func httpClientWithProxy(agent *FallbackAgent) *http.Client {
 		dialer = NewProxyDialer(agent.NetAddr(), agent.Hostname(), rootCAs, nil, true, dialer)
 	}
 	t.DialContext = dialer.DialContext
+	t.DialTLSContext = func(ctx context.Context, network, addr string) (net.Conn, error) {
+		host, _, err := net.SplitHostPort(addr)
+		if err != nil {
+			return nil, err
+		}
+		conn, err := dialer.DialContext(ctx, network, addr)
+		if err != nil {
+			return nil, err
+		}
+		var cfg tls.Config
+		if tlsConfig != nil {
+			cfg = *tlsConfig
+		}
+		cfg.ServerName = host
+		conn = tls.UClient(conn, &cfg, tls.HelloChrome_Auto)
+		if err := conn.(*tls.UConn).HandshakeContext(ctx); err != nil {
+			return nil, err
+		}
+		return conn, nil
+	}
 	return &http.Client{
 		Transport: t,
 	}
diff --git a/main.go b/main.go
index 9591487..d3e4004 100644
--- a/main.go
+++ b/main.go
@@ -2,7 +2,6 @@ package main
 
 import (
 	"context"
-	"crypto/tls"
 	"crypto/x509"
 	"errors"
 	"flag"
@@ -15,6 +14,7 @@ import (
 	"os"
 	"time"
 
+	tls "github.com/refraction-networking/utls"
 	xproxy "golang.org/x/net/proxy"
 )