diff --git a/x/httpproxy/connect_handler.go b/x/httpproxy/connect_handler.go
index cafbf964..52aa9946 100644
--- a/x/httpproxy/connect_handler.go
+++ b/x/httpproxy/connect_handler.go
@@ -15,9 +15,12 @@
 package httpproxy
 
 import (
+	"context"
+	"fmt"
 	"io"
 	"net"
 	"net/http"
+	"strings"
 
 	"github.com/Jigsaw-Code/outline-sdk/transport"
 )
@@ -35,11 +38,12 @@ func (h *handler) ServeHTTP(proxyResp http.ResponseWriter, proxyReq *http.Reques
 	if proxyReq.Method == http.MethodConnect {
 		h.handleConnect(proxyResp, proxyReq)
 		return
-	} else if proxyReq.URL.Host != "" {
+	}
+	if proxyReq.URL.Host != "" {
 		h.handleHTTPProxyRequest(proxyResp, proxyReq)
-	} else {
-		http.Error(proxyResp, "Not Found", http.StatusNotFound)
+		return
 	}
+	http.Error(proxyResp, "Not Found", http.StatusNotFound)
 }
 
 func (h *handler) handleHTTPProxyRequest(proxyResp http.ResponseWriter, proxyReq *http.Request) {
@@ -124,5 +128,11 @@ func (h *handler) handleConnect(proxyResp http.ResponseWriter, proxyReq *http.Re
 // The resulting handler is currently vulnerable to probing attacks. It's ok as a localhost proxy
 // but it may be vulnerable if used as a public proxy.
 func NewConnectHandler(dialer transport.StreamDialer) http.Handler {
-	return &handler{dialer, *http.DefaultClient}
+	dialContext := func(ctx context.Context, network, addr string) (net.Conn, error) {
+		if !strings.HasPrefix(network, "tcp") {
+			return nil, fmt.Errorf("protocol not supported: %v", network)
+		}
+		return dialer.Dial(ctx, addr)
+	}
+	return &handler{dialer, http.Client{Transport: &http.Transport{DialContext: dialContext}}}
 }