diff --git a/canal/canal.go b/canal/canal.go
index f603b01ed..62c63410e 100644
--- a/canal/canal.go
+++ b/canal/canal.go
@@ -425,6 +425,7 @@ func (c *Canal) prepareSyncer() error {
 		SemiSyncEnabled:         c.cfg.SemiSyncEnabled,
 		MaxReconnectAttempts:    c.cfg.MaxReconnectAttempts,
 		TimestampStringLocation: c.cfg.TimestampStringLocation,
+		TLSConfig:               c.cfg.TLSConfig,
 	}
 
 	if strings.Contains(c.cfg.Addr, "/") {
@@ -453,11 +454,16 @@ func (c *Canal) prepareSyncer() error {
 func (c *Canal) Execute(cmd string, args ...interface{}) (rr *mysql.Result, err error) {
 	c.connLock.Lock()
 	defer c.connLock.Unlock()
-
+	argF := make([]func(*client.Conn), 0)
+	if c.cfg.TLSConfig != nil {
+		argF = append(argF, func(conn *client.Conn) {
+			conn.SetTLSConfig(c.cfg.TLSConfig)
+		})
+	}
 	retryNum := 3
 	for i := 0; i < retryNum; i++ {
 		if c.conn == nil {
-			c.conn, err = client.Connect(c.cfg.Addr, c.cfg.User, c.cfg.Password, "")
+			c.conn, err = client.Connect(c.cfg.Addr, c.cfg.User, c.cfg.Password, "", argF...)
 			if err != nil {
 				return nil, errors.Trace(err)
 			}
diff --git a/canal/config.go b/canal/config.go
index 121e09ea5..be8cdbe8a 100644
--- a/canal/config.go
+++ b/canal/config.go
@@ -1,6 +1,7 @@
 package canal
 
 import (
+	"crypto/tls"
 	"io/ioutil"
 	"math/rand"
 	"time"
@@ -79,6 +80,9 @@ type Config struct {
 	// Set to change the maximum number of attempts to re-establish a broken
 	// connection
 	MaxReconnectAttempts int `toml:"max_reconnect_attempts"`
+
+	// Set TLS config
+	TLSConfig *tls.Config
 }
 
 func NewConfigWithFile(name string) (*Config, error) {