diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9aaed431..64a2374d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,10 @@
 All notable changes to the Zlux Server Framework package will be documented in this file.
 This repo is part of the app-server Zowe Component, and the change logs here may appear on Zowe.org in that section.
 
+## 2.3.0
+
+- Bugfix: Proxies (zss, external services, and those made by router services) now default to the same HTTPS/TLS settings as the app-esrver.
+
 ## 2.0.0
 
 - Breaking change: The list of properties sent back from the /server/environment has changed to reflect the different environment values present in Zowe v2
diff --git a/lib/webapp.js b/lib/webapp.js
index a83b63f8..39128972 100644
--- a/lib/webapp.js
+++ b/lib/webapp.js
@@ -1517,12 +1517,16 @@ WebApp.prototype = {
   
   makeProxy(urlPrefix, noAuth, overrideOptions, host, port) {
     const r = express.Router();
+    let tlsOptions = Object.assign({}, this.options.tlsOptions);
+    delete tlsOptions.key;
+    delete tlsOptions.cert;
     let options = {
       urlPrefix,
       isHttps: false, 
       addProxyAuthorizations: (noAuth? null : this.auth.addProxyAuthorizations),
       processProxiedHeaders: (noAuth? null: this.auth.processProxiedHeaders),
-      allowInvalidTLSProxy: this.options.allowInvalidTLSProxy
+      allowInvalidTLSProxy: this.options.allowInvalidTLSProxy,
+      tlsOptions: tlsOptions
     };
     if (!(host && port)) {
       //destined for agent rather than 3rd party server
@@ -1546,13 +1550,17 @@ WebApp.prototype = {
   
   makeExternalProxy(host, port, urlPrefix, isHttps, noAuth, pluginID, serviceName) {
     const r = express.Router();
+    let tlsOptions = Object.assign({}, this.options.tlsOptions);
+    delete tlsOptions.key;
+    delete tlsOptions.cert;
     installLog.info(`ZWED0053I`, `${isHttps? 'HTTPS' : 'HTTP'}`, `${pluginID}:${serviceName}`, `${host}:${port}/${urlPrefix}`); //installLog.info(`Setting up ${isHttps? 'HTTPS' : 'HTTP'} proxy ` +`(${pluginID}:${serviceName}) to destination=${host}:${port}/${urlPrefix}`);
     let myProxy = proxy.makeSimpleProxy(host, port, {
       urlPrefix, 
       isHttps, 
       addProxyAuthorizations: (noAuth? null : this.auth.addProxyAuthorizations),
       processProxiedHeaders: (noAuth? null : this.auth.processProxiedHeaders),
-      allowInvalidTLSProxy: this.options.allowInvalidTLSProxy
+      allowInvalidTLSProxy: this.options.allowInvalidTLSProxy,
+      tlsOptions: tlsOptions
     }, pluginID, serviceName);
     proxyMap.set(pluginID + ":" + serviceName, myProxy);
     r.use(myProxy);