diff --git a/ircrobots/__init__.py b/ircrobots/__init__.py
index 5b798ed..c033b8f 100644
--- a/ircrobots/__init__.py
+++ b/ircrobots/__init__.py
@@ -3,3 +3,4 @@ from .server import Server
 from .params import (ConnectionParams, SASLUserPass, SASLExternal, SASLSCRAM,
     STSPolicy, ResumePolicy)
 from .ircv3  import Capability
+from .security import TLS
diff --git a/ircrobots/security.py b/ircrobots/security.py
index f10b700..373c34f 100644
--- a/ircrobots/security.py
+++ b/ircrobots/security.py
@@ -1,7 +1,10 @@
 import ssl
+from dataclasses import dataclass
+from typing import Optional, Tuple
 
+@dataclass
 class TLS:
-    pass
+    client_keypair: Optional[Tuple[str, str]] = None
 
 # tls without verification
 class TLSNoVerify(TLS):
diff --git a/ircrobots/transport.py b/ircrobots/transport.py
index a7cb330..3a43cb3 100644
--- a/ircrobots/transport.py
+++ b/ircrobots/transport.py
@@ -43,6 +43,9 @@ class TCPTransport(ITCPTransport):
         cur_ssl: Optional[SSLContext] = None
         if tls is not None:
             cur_ssl = tls_context(not isinstance(tls, TLSNoVerify))
+            if tls.client_keypair is not None:
+                (client_cert, client_key) = tls.client_keypair
+                cur_ssl.load_cert_chain(client_cert, keyfile=client_key)
 
         local_addr: Optional[Tuple[str, int]] = None
         if not bindhost is None: