diff --git a/api/api.go b/api/api.go
index 36ea6d617e..a89a8ed470 100644
--- a/api/api.go
+++ b/api/api.go
@@ -220,7 +220,7 @@ func proxyContainerAndForceRefresh(c *context, w http.ResponseWriter, r *http.Re
 		return
 	}
 
-	if err := proxy(container, w, r); err != nil {
+	if err := proxy(c.tlsConfig, container, w, r); err != nil {
 		httpError(w, err.Error(), http.StatusInternalServerError)
 	}
 
@@ -249,7 +249,7 @@ func proxyHijack(c *context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if err := hijack(container, w, r); err != nil {
+	if err := hijack(c.tlsConfig, container, w, r); err != nil {
 		httpError(w, err.Error(), http.StatusInternalServerError)
 	}
 }
diff --git a/api/utils.go b/api/utils.go
index 9e51779b45..6380e0812e 100644
--- a/api/utils.go
+++ b/api/utils.go
@@ -65,7 +65,7 @@ func proxy(tlsConfig *tls.Config, container *cluster.Container, w http.ResponseW
 	return nil
 }
 
-func hijack(container *cluster.Container, w http.ResponseWriter, r *http.Request) error {
+func hijack(tlsConfig *tls.Config, container *cluster.Container, w http.ResponseWriter, r *http.Request) error {
 	addr := container.Node().Addr
 	if parts := strings.SplitN(container.Node().Addr, "://", 2); len(parts) == 2 {
 		addr = parts[1]
@@ -73,7 +73,16 @@ func hijack(container *cluster.Container, w http.ResponseWriter, r *http.Request
 
 	log.Debugf("[HIJACK PROXY] --> %s", addr)
 
-	d, err := net.Dial("tcp", addr)
+	var (
+		d   net.Conn
+		err error
+	)
+
+	if tlsConfig != nil {
+		d, err = tls.Dial("tcp", addr, tlsConfig)
+	} else {
+		d, err = net.Dial("tcp", addr)
+	}
 	if err != nil {
 		return err
 	}