diff --git a/cmd/flipt/main.go b/cmd/flipt/main.go
index f0386c32a6..dc3aa0a5f1 100644
--- a/cmd/flipt/main.go
+++ b/cmd/flipt/main.go
@@ -3,6 +3,7 @@ package main
 import (
 	"bytes"
 	"context"
+	"crypto/tls"
 	"errors"
 	"fmt"
 	"io/fs"
@@ -24,6 +25,7 @@ import (
 	"go.flipt.io/flipt/internal/release"
 	"go.flipt.io/flipt/internal/telemetry"
 	"go.flipt.io/reverst/client"
+	"go.flipt.io/reverst/pkg/protocol"
 	"go.uber.org/zap"
 	"go.uber.org/zap/zapcore"
 	"golang.org/x/sync/errgroup"
@@ -372,20 +374,26 @@ func run(ctx context.Context, logger *zap.Logger, cfg *config.Config) error {
 
 	if cfg.Server.Cloud.Enabled {
 		// starts QUIC tunnel server to connect to Cloud
+		var (
+			orgHost = fmt.Sprintf("%s.%s", cfg.Server.Cloud.Organization, cfg.Server.Cloud.Address)
+			tunnel  = fmt.Sprintf("%s-%s", cfg.Server.Cloud.Instance, orgHost)
+		)
+
 		g.Go(func() error {
 			tunnelServer := &client.Server{
-				TunnelGroup:   fmt.Sprintf("%s.%s", cfg.Server.Cloud.Organization, cfg.Server.Cloud.Address),
+				TunnelGroup:   tunnel,
 				Handler:       httpServer.Handler,
 				Authenticator: client.BearerAuthenticator(cfg.Server.Cloud.Authentication.ApiKey),
+				TLSConfig: &tls.Config{
+					NextProtos: []string{protocol.Name},
+					ServerName: orgHost,
+				},
 			}
 
-			defer tunnelServer.Close()
-
-			tunnel := fmt.Sprintf("%s-%s.%s", cfg.Server.Cloud.Instance, cfg.Server.Cloud.Organization, cfg.Server.Cloud.Address)
-
-			logger.Info("cloud tunnel available", zap.String("address", tunnel), zap.Int("port", cfg.Server.Cloud.Port))
+			addr := fmt.Sprintf("%s:%d", tunnel, cfg.Server.Cloud.Port)
+			logger.Info("cloud tunnel available", zap.String("address", addr))
 
-			if err := tunnelServer.DialAndServe(ctx, fmt.Sprintf("%s:%d", tunnel, cfg.Server.Cloud.Port)); !errors.Is(err, http.ErrServerClosed) {
+			if err := tunnelServer.DialAndServe(ctx, addr); !errors.Is(err, http.ErrServerClosed) {
 				return fmt.Errorf("cloud tunnel server: %w", err)
 			}
 
diff --git a/go.mod b/go.mod
index 6ab1bf3dd0..21127d3e77 100644
--- a/go.mod
+++ b/go.mod
@@ -63,7 +63,7 @@ require (
 	go.flipt.io/flipt/errors v1.19.3
 	go.flipt.io/flipt/rpc/flipt v1.38.0
 	go.flipt.io/flipt/sdk/go v0.11.0
-	go.flipt.io/reverst v0.1.1
+	go.flipt.io/reverst v0.1.2
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0
 	go.opentelemetry.io/contrib/propagators/autoprop v0.50.0
 	go.opentelemetry.io/otel v1.25.0
diff --git a/go.sum b/go.sum
index 4ff7f5ae88..d88374c208 100644
--- a/go.sum
+++ b/go.sum
@@ -727,8 +727,8 @@ github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5t
 github.com/yusufpapurcu/wmi v1.2.3 h1:E1ctvB7uKFMOJw3fdOW32DwGE9I7t++CRUEMKvFoFiw=
 github.com/yusufpapurcu/wmi v1.2.3/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
 github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
-go.flipt.io/reverst v0.1.1 h1:uYKN35RtYCFdEmDD3eaS3q8NQroyuOb3tHX6Sb1LNEg=
-go.flipt.io/reverst v0.1.1/go.mod h1:zWNkpuIN1VLVJnbZ1aEoD6bl7cnfTtseXyP50FobPbk=
+go.flipt.io/reverst v0.1.2 h1:L43Jx5oWAQwOCK6J/bCN9fXgIIGymnJx1yyp2UCbb14=
+go.flipt.io/reverst v0.1.2/go.mod h1:0kDf22udIDgZAruOu6/9/dZIHRpWJhDcZ3fqoP33jc0=
 go.mongodb.org/mongo-driver v1.11.4/go.mod h1:PTSz5yu21bkT/wXpkS7WR5f0ddqw5quethTUn9WM+2g=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=