diff --git a/compose/cli/docker_client.py b/compose/cli/docker_client.py
index c8159ad49..e2848a90b 100644
--- a/compose/cli/docker_client.py
+++ b/compose/cli/docker_client.py
@@ -22,14 +22,17 @@ def tls_config_from_options(options):
     key = options.get('--tlskey')
     verify = options.get('--tlsverify')
 
-    if tls is True:
+    advanced_opts = any([ca_cert, cert, key, verify])
+
+    if tls is True and not advanced_opts:
         return True
-    elif any([ca_cert, cert, key, verify]):
+    elif advanced_opts:
         client_cert = None
         if cert or key:
             client_cert = (cert, key)
         return TLSConfig(
-            client_cert=client_cert, verify=verify, ca_cert=ca_cert
+            client_cert=client_cert, verify=verify, ca_cert=ca_cert,
+            assert_hostname=options.get('--skip-hostname-check')
         )
     else:
         return None
diff --git a/compose/cli/main.py b/compose/cli/main.py
index 331476e21..6eada097f 100644
--- a/compose/cli/main.py
+++ b/compose/cli/main.py
@@ -156,6 +156,9 @@ class TopLevelCommand(object):
       --tlscert CLIENT_CERT_PATH  Path to TLS certificate file
       --tlskey TLS_KEY_PATH       Path to TLS key file
       --tlsverify                 Use TLS and verify the remote
+      --skip-hostname-check       Don't check the daemon's hostname against the name specified
+                                  in the client certificate (for example if your docker host
+                                  is an IP address)
 
     Commands:
       build              Build or rebuild services