diff --git a/java-client/src/main/java/org/opensearch/client/transport/httpclient5/ApacheHttpClient5TransportBuilder.java b/java-client/src/main/java/org/opensearch/client/transport/httpclient5/ApacheHttpClient5TransportBuilder.java
index bf75ba74b4..25c49e9118 100644
--- a/java-client/src/main/java/org/opensearch/client/transport/httpclient5/ApacheHttpClient5TransportBuilder.java
+++ b/java-client/src/main/java/org/opensearch/client/transport/httpclient5/ApacheHttpClient5TransportBuilder.java
@@ -79,6 +79,7 @@ public class ApacheHttpClient5TransportBuilder {
     private Optional<Boolean> chunkedEnabled;
     private JsonpMapper mapper;
     private TransportOptions options;
+    private TlsStrategy tlsStrategy;
 
     /**
      * Creates a new builder instance and sets the hosts that the client will send requests to.
@@ -263,6 +264,16 @@ public ApacheHttpClient5TransportBuilder setChunkedEnabled(boolean chunkedEnable
         return this;
     }
 
+    /**
+     * Optional custom tls strategy to replace the default
+     *
+     * @param tlsStrategy custom tlsStrategy
+     */
+    public ApacheHttpClient5TransportBuilder setTlsStrategy(TlsStrategy tlsStrategy) {
+        this.tlsStrategy = tlsStrategy;
+        return this;
+    }
+
     /**
      * Creates a new {@link RestClient} based on the provided configuration.
      */
@@ -338,7 +349,7 @@ private CloseableHttpAsyncClient createHttpClient() {
         }
 
         try {
-            final TlsStrategy tlsStrategy = ClientTlsStrategyBuilder.create()
+            final TlsStrategy tlsStrategy = this.tlsStrategy != null ? this.tlsStrategy : ClientTlsStrategyBuilder.create()
                 .setSslContext(SSLContext.getDefault())
                 // See https://issues.apache.org/jira/browse/HTTPCLIENT-2219
                 .setTlsDetailsFactory(new Factory<SSLEngine, TlsDetails>() {