diff --git a/.changeset/stupid-queens-listen.md b/.changeset/stupid-queens-listen.md
new file mode 100644
index 00000000..be443a72
--- /dev/null
+++ b/.changeset/stupid-queens-listen.md
@@ -0,0 +1,5 @@
+---
+'pac-proxy-agent': patch
+---
+
+Add `servername` to tls connection options when pac-proxy-agent results in DIRECT connection
diff --git a/packages/pac-proxy-agent/src/index.ts b/packages/pac-proxy-agent/src/index.ts
index bcc821d3..1026784c 100644
--- a/packages/pac-proxy-agent/src/index.ts
+++ b/packages/pac-proxy-agent/src/index.ts
@@ -232,7 +232,15 @@ export class PacProxyAgent<Uri extends string> extends Agent {
 
 			if (type === 'DIRECT') {
 				// Direct connection to the destination endpoint
-				socket = secureEndpoint ? tls.connect(opts) : net.connect(opts);
+				if (secureEndpoint) {
+					const servername = opts.servername || opts.host;
+					socket = tls.connect({
+						...opts,
+						servername: (!servername || net.isIP(servername)) ? undefined : servername,
+					});
+				} else {
+					socket = net.connect(opts);
+				}
 			} else if (type === 'SOCKS' || type === 'SOCKS5') {
 				// Use a SOCKSv5h proxy
 				agent = new SocksProxyAgent(`socks://${target}`, this.opts);