diff --git a/README.md b/README.md
index d7fda51..bd9d49e 100644
--- a/README.md
+++ b/README.md
@@ -159,11 +159,6 @@ const client = new LhispOauthClient({
 await client.get({ path: "/status" });
 ```
-### Observações de segurança
-
-- O `https.Agent` é criado com `rejectUnauthorized: false` (com ou sem certificado). Isso **desabilita validação do certificado** do servidor TLS.
- - Em produção, isso pode reduzir segurança. Se você precisar de validação TLS, será necessário ajustar a implementação.
-
 ---
 ## English
@@ -319,8 +314,3 @@ const client = new LhispOauthClient({
 await client.get({ path: "/status" });
 ```
-
-### Security notes
-
-- The internal `https.Agent` is created with `rejectUnauthorized: false` (with or without PFX). This **disables TLS server certificate validation**.
- - In production, this may reduce security. If you need strict TLS validation, the implementation must be adjusted.
diff --git a/package-lock.json b/package-lock.json
index 10813df..dad1f18 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
 "name": "lhisp-oauth-client",
- "version": "1.0.38",
+ "version": "1.0.40",
 "lockfileVersion": 3,
 "requires": true,
 "packages": {
 "": {
 "name": "lhisp-oauth-client",
- "version": "1.0.38",
+ "version": "1.0.40",
 "license": "MIT",
 "dependencies": {
 "axios": "^1.10.0"
diff --git a/package.json b/package.json
index cc8c724..ef86604 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "lhisp-oauth-client",
- "version": "1.0.39",
+ "version": "1.0.40",
 "main": "src/index",
 "types": "src/index.d.ts",
 "repository": {
diff --git a/src/lhisp-oauth-client.t.ts b/src/lhisp-oauth-client.t.ts
index 8867a03..0d997da 100644
--- a/src/lhisp-oauth-client.t.ts
+++ b/src/lhisp-oauth-client.t.ts
@@ -32,6 +32,7 @@ export interface LhispOauthClientConstructorParams {
 debug?: boolean;
 timeout?: number;
 logger?: Logger;
+ rejectUnauthorized?: boolean;
 }
 export interface ExecutarRequestParams extends AxiosRequestConfig {
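Review bot: The new `rejectUnauthorized?: boolean;` field in `LhispOauthClientConstructorParams` has no doc comment, so nothing in the type tells a caller what leaving it unset means. The implementation hunk in `src/lhisp-oauth-client.ts` falls back to `false` when it is omitted, which leaves TLS server certificate validation disabled. I would add `/** Verify the server's TLS certificate. When omitted the client falls back to false, i.e. validation is disabled. */` directly above the field. The interface starts outside the hunk.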
diff --git a/src/lhisp-oauth-client.ts b/src/lhisp-oauth-client.ts
index 70122f1..da4d5e2 100644
--- a/src/lhisp-oauth-client.ts
+++ b/src/lhisp-oauth-client.ts
@@ -43,11 +43,11 @@ export class LhispOauthClient {
 this.agent = new https.Agent({
 pfx: Buffer.isBuffer(params.certificado) ? params.certificado : Buffer.from(params.certificado, "base64"),
 passphrase: params.senhaCertificado ? params.senhaCertificado : undefined,
- rejectUnauthorized: false,
+ rejectUnauthorized: params.rejectUnauthorized ?? false,
 });
 } else {
 this.agent = new https.Agent({
- rejectUnauthorized: false,
+ rejectUnauthorized: params.rejectUnauthorized ?? false,
 });
 }
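Review bot: Both `https.Agent` constructions still fall back to `false` (`params.rejectUnauthorized ?? false`), so any caller that does not set the new option keeps TLS server certificate validation disabled. The same commit removes the README security notes that warned about this. Defaulting to verification in both branches, `rejectUnauthorized: params.rejectUnauthorized ?? true,`, would make the unverified mode an explicit opt-out. If that is too breaking for a patch release, keep the README warning and document the default on the option. The `pfx` branch presents a client certificate to a server whose identity is not checked, which is where verification matters most; the constructor body continues outside the hunk.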