diff --git a/rtls/config.go b/rtls/config.go
index 5243255d..6af94d09 100644
--- a/rtls/config.go
+++ b/rtls/config.go
@@ -14,9 +14,9 @@ import (
 // is true, the client will not verify the server's certificate. If mutual is true,
 // the server will verify the client's certificate. If tls1011 is true, the client will
 // accept TLS 1.0 or 1.1. Otherwise, it will require TLS 1.2 or higher.
-func CreateConfig(certFile, keyFile, caCertFile string, noverify, mutual bool) (*tls.Config, error) {
+func CreateConfig(certFile, keyFile, caCertFile, serverName string, noverify, mutual bool) (*tls.Config, error) {
 	var err error
-	config := createBaseTLSConfig(noverify)
+	config := createBaseTLSConfig(serverName, noverify)
 
 	// load the certificate and key
 	if certFile != "" && keyFile != "" {
@@ -57,10 +57,10 @@ func CreateConfig(certFile, keyFile, caCertFile string, noverify, mutual bool) (
 // presented by the server. If noverify is true, the client will not verify the server's certificate.
 // If tls1011 is true, the client will accept TLS 1.0 or 1.1. Otherwise, it will require TLS 1.2
 // or higher.
-func CreateClientConfig(certFile, keyFile, caCertFile string, noverify bool) (*tls.Config, error) {
+func CreateClientConfig(certFile, keyFile, caCertFile, serverName string, noverify bool) (*tls.Config, error) {
 	var err error
-	config := createBaseTLSConfig(noverify)
+	config := createBaseTLSConfig(serverName, noverify)
 	if certFile != "" && keyFile != "" {
 		config.Certificates = make([]tls.Certificate, 1)
 		config.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile)
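Review bot: The doc comment for CreateConfig, whose tail is this hunk's leading context, does not describe the new serverName parameter, so a reader cannot tell from the docs that it fixes the hostname the server's certificate is verified against. I would add `// serverName, if non-empty, is the hostname expected on the server's certificate and is` and `// checked against the presented certificate unless noverify is true.` The same comment still speaks of a tls1011 parameter that neither signature in this hunk has, and createBaseTLSConfig hard-codes MinVersion to TLS 1.2, so that sentence looks stale and could be dropped in the same edit. CreateConfig's body continues past the hunk, and CreateClientConfig in the following hunk has the same undocumented parameter.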
@@ -89,10 +89,10 @@ func CreateClientConfig(certFile, keyFile, caCertFile string, noverify bool) (*t
 // client. If noverify is true, the server will not verify the client's certificate. If
 // tls1011 is true, the server will accept TLS 1.0 or 1.1. Otherwise, it will require TLS 1.2
 // or higher.
-func CreateServerConfig(certFile, keyFile, caCertFile string, noverify bool) (*tls.Config, error) {
+func CreateServerConfig(certFile, keyFile, caCertFile, serverName string, noverify bool) (*tls.Config, error) {
 	var err error
-	config := createBaseTLSConfig(false)
+	config := createBaseTLSConfig(serverName, false)
 	config.Certificates = make([]tls.Certificate, 1)
 	config.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile)
 	if err != nil {
@@ -115,8 +115,9 @@ func CreateServerConfig(certFile, keyFile, caCertFile string, noverify bool) (*t
 	return config, nil
 }
 
-func createBaseTLSConfig(noverify bool) *tls.Config {
+func createBaseTLSConfig(serverName string, noverify bool) *tls.Config {
 	return &tls.Config{
+		ServerName:         serverName,
 		InsecureSkipVerify: noverify,
 		NextProtos:         []string{"h2", "http/1.1"},
 		MinVersion:         uint16(tls.VersionTLS12),
diff --git a/rtls/config_test.go b/rtls/config_test.go
index 13d314be..7a2a4c1a 100644
--- a/rtls/config_test.go
+++ b/rtls/config_test.go
@@ -26,7 +26,7 @@ func Test_CreateConfig(t *testing.T) {
 	caCertFile := mustWriteTempFile(t, caCertPEM)
 
 	// create a config with no server or client verification
-	config, err := CreateConfig(certFile, keyFile, caCertFile, true, false)
+	config, err := CreateConfig(certFile, keyFile, caCertFile, "", true, false)
 	if err != nil {
 		t.Fatalf("failed to create config: %v", err)
 	}
@@ -69,7 +69,7 @@ func Test_CreateConfig(t *testing.T) {
 	}
 
 	// create a config with server cert verification only
-	config, err = CreateConfig(certFile, keyFile, caCertFile, false, false)
+	config, err = CreateConfig(certFile, keyFile, caCertFile, "", false, false)
 	if err != nil {
 		t.Fatalf("failed to create config: %v", err)
 	}
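Review bot: CreateServerConfig now threads serverName into createBaseTLSConfig, but tls.Config.ServerName is a client-side setting (the name the client expects on the server's certificate and sends as SNI); crypto/tls ignores it on the accepting side, so the new parameter has no effect in this constructor and a caller who passes a name here expecting it to constrain clients or bind the listener would be misled. If the parameter is kept for a uniform signature, say so above the function: `// serverName is accepted for symmetry with CreateClientConfig; crypto/tls ignores ServerName on the server side.` CreateServerConfig's body continues outside the hunk.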
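Review bot: createBaseTLSConfig is shared by all three constructors and now sets ServerName unconditionally, but nothing in the hunk states what an empty value means, which is the only case the updated tests exercise. With noverify false and serverName empty, a config used through net/http gets ServerName filled from the request host, whereas a handshake started directly with tls.Client fails with Go's "either ServerName or InsecureSkipVerify must be specified"; with a non-empty value, the certificate is verified against that name rather than the dialed address. I would document this above the function: `// serverName, if set, is the hostname the peer certificate is verified against (and sent as SNI).` and `// If empty, net/http fills it from the request host; a raw tls.Client dial must set it or the handshake fails.` The struct literal's closing lines are outside the hunk.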
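Review bot: Every updated call in config_test.go passes `""` for the new serverName argument, in this hunk, the @@ -69 hunk after it and the remaining hunks of the file, so nothing asserts that the value actually reaches tls.Config.ServerName and a wrong field assignment in createBaseTLSConfig would go unnoticed. One call with a real name and a check would cover it, for example `config, err := CreateClientConfig(certFile, keyFile, "", "example.com", false)` followed by `if config.ServerName != "example.com" { t.Fatalf("ServerName = %q, want %q", config.ServerName, "example.com") }`. Test_CreateConfig's body continues beyond the hunk.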
@@ -81,7 +81,7 @@ func Test_CreateConfig(t *testing.T) {
 	}
 
 	// create a config with both server and client verification
-	config, err = CreateConfig(certFile, keyFile, "", false, true)
+	config, err = CreateConfig(certFile, keyFile, "", "", false, true)
 	if err != nil {
 		t.Fatalf("failed to create config: %v", err)
 	}
@@ -103,7 +103,7 @@ func Test_CreateServerConfig(t *testing.T) {
 	keyFile := mustWriteTempFile(t, keyPEM)
 
 	// create a server config with no client verification
-	config, err := CreateServerConfig(certFile, keyFile, "", true)
+	config, err := CreateServerConfig(certFile, keyFile, "", "", true)
 	if err != nil {
 		t.Fatalf("failed to create server config: %v", err)
 	}
@@ -130,7 +130,7 @@ func Test_CreateServerConfig(t *testing.T) {
 	}
 
 	// create a server config with client verification
-	config, err = CreateServerConfig(certFile, keyFile, "", false)
+	config, err = CreateServerConfig(certFile, keyFile, "", "", false)
 	if err != nil {
 		t.Fatalf("failed to create server config: %v", err)
 	}
@@ -149,7 +149,7 @@ func Test_CreateClientConfig(t *testing.T) {
 	keyFile := mustWriteTempFile(t, keyPEM)
 
 	// create a client config with no server verification
-	config, err := CreateClientConfig(certFile, keyFile, "", true)
+	config, err := CreateClientConfig(certFile, keyFile, "", "", true)
 	if err != nil {
 		t.Fatalf("failed to create client config: %v", err)
 	}
@@ -176,7 +176,7 @@ func Test_CreateClientConfig(t *testing.T) {
 	}
 
 	// create a client config with server verification
-	config, err = CreateClientConfig(certFile, keyFile, "", false)
+	config, err = CreateClientConfig(certFile, keyFile, "", "", false)
 	if err != nil {
 		t.Fatalf("failed to create client config: %v", err)
 	}