diff --git a/packages/grpc-js/src/channel-credentials.ts b/packages/grpc-js/src/channel-credentials.ts
index 2ed18507f..73672a295 100644
--- a/packages/grpc-js/src/channel-credentials.ts
+++ b/packages/grpc-js/src/channel-credentials.ts
@@ -53,6 +53,7 @@ export interface VerifyOptions {
    * has been performed on the peer certificate.
    */
   checkServerIdentity?: CheckServerIdentityCallback;
+  rejectUnauthorized?: boolean;
 }
 
 /**
@@ -198,6 +199,11 @@ class SecureChannelCredentialsImpl extends ChannelCredentials {
       this.connectionOptions.checkServerIdentity =
         verifyOptions.checkServerIdentity;
     }
+
+    if (verifyOptions?.rejectUnauthorized) {
+      this.connectionOptions.rejectUnauthorized =
+        verifyOptions.rejectUnauthorized;
+    }
   }
 
   compose(callCredentials: CallCredentials): ChannelCredentials {
diff --git a/packages/grpc-js/src/transport.ts b/packages/grpc-js/src/transport.ts
index 703547f61..1acbab40e 100644
--- a/packages/grpc-js/src/transport.ts
+++ b/packages/grpc-js/src/transport.ts
@@ -743,7 +743,6 @@ export class Http2SubchannelConnector implements SubchannelConnector {
         ...connectionOptions,
         ...address,
         enableTrace: options['grpc-node.tls_enable_trace'] === 1,
-        rejectUnauthorized: options['grpc-node.tls_reject_unauthorized'] ?? true,
       };
 
       /* http2.connect uses the options here:
@@ -838,9 +837,6 @@ export class Http2SubchannelConnector implements SubchannelConnector {
       if (options['grpc-node.tls_enable_trace']) {
         connectionOptions.enableTrace = true;
       }
-      if (options['grpc-node.tls_reject_unauthorized']) {
-        connectionOptions.rejectUnauthorized = options['grpc-node.tls_reject_unauthorized'];
-      }
     }
 
     return getProxiedConnection(address, options, connectionOptions).then(