diff --git a/dialer/selection.go b/dialer/selection.go
index 75dd7fc..69cd6d4 100644
--- a/dialer/selection.go
+++ b/dialer/selection.go
@@ -2,6 +2,7 @@ package dialer
 
 import (
 	"context"
+	"crypto/tls"
 	"errors"
 	"fmt"
 	"io"
@@ -63,7 +64,7 @@ func SelectRandom(_ context.Context, dialers []ContextDialer) (ContextDialer, er
 	return dialers[rand.IntN(len(dialers))], nil
 }
 
-func probeDialer(ctx context.Context, dialer ContextDialer, url string, dlLimit int64) error {
+func probeDialer(ctx context.Context, dialer ContextDialer, url string, dlLimit int64, tlsClientConfig *tls.Config) error {
 	httpClient := http.Client{
 		Transport: &http.Transport{
 			MaxIdleConns:          100,
@@ -71,6 +72,8 @@ func probeDialer(ctx context.Context, dialer ContextDialer, url string, dlLimit
 			TLSHandshakeTimeout:   10 * time.Second,
 			ExpectContinueTimeout: 1 * time.Second,
 			DialContext:           dialer.DialContext,
+			TLSClientConfig:       tlsClientConfig,
+			ForceAttemptHTTP2:     true,
 		},
 	}
 	req, err := http.NewRequestWithContext(ctx, "GET", url, nil)
@@ -93,7 +96,7 @@ func probeDialer(ctx context.Context, dialer ContextDialer, url string, dlLimit
 	return err
 }
 
-func NewFastestServerSelectionFunc(url string, dlLimit int64) SelectionFunc {
+func NewFastestServerSelectionFunc(url string, dlLimit int64, tlsClientConfig *tls.Config) SelectionFunc {
 	return func(ctx context.Context, dialers []ContextDialer) (ContextDialer, error) {
 		var resErr error
 		masterNotInterested := make(chan struct{})
@@ -102,7 +105,7 @@ func NewFastestServerSelectionFunc(url string, dlLimit int64) SelectionFunc {
 		success := make(chan ContextDialer)
 		for _, dialer := range dialers {
 			go func(dialer ContextDialer) {
-				err := probeDialer(ctx, dialer, url, dlLimit)
+				err := probeDialer(ctx, dialer, url, dlLimit, tlsClientConfig)
 				if err == nil {
 					select {
 					case success <- dialer:
diff --git a/go.mod b/go.mod
index 13fb2fc..d76e57d 100644
--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,7 @@ require (
 	github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/ncruces/go-dns v1.2.7
-	golang.org/x/net v0.43.0
+	golang.org/x/net v0.44.0
 )
 
 require github.com/hashicorp/errwrap v1.1.0 // indirect
diff --git a/go.sum b/go.sum
index da1f05c..a1bc383 100644
--- a/go.sum
+++ b/go.sum
@@ -9,5 +9,5 @@ github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+l
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/ncruces/go-dns v1.2.7 h1:NMA7vFqXUl+nBhGFlleLyo2ni3Lqv3v+qFWZidzRemI=
 github.com/ncruces/go-dns v1.2.7/go.mod h1:SqmhVMBd8Wr7hsu3q6yTt6/Jno/xLMrbse/JLOMBo1Y=
-golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=
-golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
+golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I=
+golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
diff --git a/main.go b/main.go
index a895b9e..996842b 100644
--- a/main.go
+++ b/main.go
@@ -366,6 +366,9 @@ func run() int {
 				ss = dialer.NewFastestServerSelectionFunc(
 					args.serverSelectionTestURL,
 					args.serverSelectionDLLimit,
+					&tls.Config{
+						RootCAs: caPool,
+					},
 				)
 			default:
 				panic("unhandled server selection value got past parsing")