diff --git a/client/factory.go b/client/factory.go
index c3f077aa6..95b6f2c7d 100644
--- a/client/factory.go
+++ b/client/factory.go
@@ -216,6 +216,11 @@ func (b *clientFactory) createTLSConfig(c *cli.Context) (*tls.Config, error) {
 if err != nil {
 return nil, fmt.Errorf("unable to read TLS disable host verification flag: %w", err)
 }
+ enableTLSS := c.String(common.FlagTLS)
+ enableTLS, err := strconv.ParseBool(enableTLSS)
+ if err != nil {
+ return nil, fmt.Errorf("unable to read TLS flag: %w", err)
+ }
 serverName := c.String(common.FlagTLSServerName)
@@ -267,6 +272,17 @@ func (b *clientFactory) createTLSConfig(c *cli.Context) (*tls.Config, error) {
 tlsConfig := auth.NewTLSConfigForServer(host, !disableHostNameVerification)
 return tlsConfig, nil
 }
+ // If we are given a TLS flag, set the TLS server name from the address
+ if enableTLS {
+ hostPort := c.String(common.FlagAddress)
+ if hostPort == "" {
+ hostPort = common.LocalHostPort
+ }
+ // Ignoring error as we'll fail to dial anyway, and that will produce a meaningful error
+ host, _, _ = net.SplitHostPort(hostPort)
+ tlsConfig := auth.NewTLSConfigForServer(host, !disableHostNameVerification)
+ return tlsConfig, nil
+ }
 return nil, nil
 }
diff --git a/common/defs-flags.go b/common/defs-flags.go
index 280bc7b3c..72b765e2c 100644
--- a/common/defs-flags.go
+++ b/common/defs-flags.go
@@ -6,6 +6,7 @@ const (
 FlagAddrDefinition = "The host and port (formatted as host:port) for the Temporal Frontend Service."
 FlagNSAliasDefinition = "Identifies a Namespace in the Temporal Workflow."
 FlagMetadataDefinition = "Contains gRPC metadata to send with requests (formatted as key=value)."
+ FlagTLSDefinition = "Enable TLS encryption without additional options such as mTLS or client certificates"
 FlagTLSCertPathDefinition = "Path to x509 certificate."
 FlagTLSKeyPathDefinition = "Path to private certificate key."
 FlagTLSCaPathDefinition = "Path to server CA certificate."
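Review bot: `enableTLSS := c.String(common.FlagTLS)` followed by `strconv.ParseBool` reads a flag that common/flags.go registers in this same commit as a `cli.BoolFlag`; `enableTLS := c.Bool(common.FlagTLS)` is the direct accessor, drops the extra local and the error branch that can only fire if the flag's string form is not a bool, and removes the need for `strconv` at this call site. If `c.String` was chosen deliberately because the value may arrive from somewhere other than the BoolFlag, a one-line comment saying so would make that intent visible. createTLSConfig starts before and continues past this hunk.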
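Review bot: The new `if enableTLS` branch derives `host` from `--address` only and does not consult `serverName` (read from `--tls-server-name` earlier in the function), so unless the preceding branches already fold the server name into `host` before this point, `--tls --tls-server-name foo` would silently verify the certificate against the address host rather than `foo`; worth confirming, and if so adding `if serverName != "" { host = serverName }` ahead of the `net.SplitHostPort` call. Relatedly, this branch is the first place a TLS config is built with no CA path, so a short comment stating which trust roots `auth.NewTLSConfigForServer` uses in that case (presumably the system store, but not visible here) would help an operator reading the flag. The earlier branches of createTLSConfig are outside the hunk.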
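Review bot: `FlagTLSDefinition` is the only definition in this block without a trailing period; the neighbouring `FlagMetadataDefinition`, `FlagTLSCertPathDefinition`, `FlagTLSKeyPathDefinition` and `FlagTLSCaPathDefinition` all end in one, and these strings are shown verbatim as flag usage text. Suggest `FlagTLSDefinition = "Enable TLS encryption without additional options such as mTLS or client certificates."`.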
diff --git a/common/flags.go b/common/flags.go
index f9bfca19e..fa5809bcb 100644
--- a/common/flags.go
+++ b/common/flags.go
@@ -107,6 +107,7 @@ var (
 FlagTaskQueueAlias = []string{"t"}
 FlagTaskQueueType = "task-queue-type"
 FlagTimeZone = "time-zone"
+ FlagTLS = "tls"
 FlagTLSCaPath = "tls-ca-path"
 FlagTLSCertPath = "tls-cert-path"
 FlagTLSDisableHostVerification = "tls-disable-host-verification"
@@ -161,6 +162,12 @@ var SharedFlags = []cli.Flag{
 Usage: FlagMetadataDefinition,
 Category: CategoryGlobal,
 },
+ &cli.BoolFlag{
+ Name: FlagTLS,
+ Usage: FlagTLSDefinition,
+ EnvVars: []string{"TEMPORAL_CLI_TLS"},
+ Category: CategoryGlobal,
+ },
 &cli.StringFlag{
 Name: FlagTLSCertPath,
 Value: "",