diff --git a/config-example.yaml b/config-example.yaml
index d1e46e26..2028d332 100644
--- a/config-example.yaml
+++ b/config-example.yaml
@@ -161,13 +161,6 @@ acme_email: ""
 # Domain name to request a TLS certificate for:
 tls_letsencrypt_hostname: ""
 
-# Client (Tailscale/Browser) authentication mode (mTLS)
-# Acceptable values:
-# - disabled: client authentication disabled
-# - relaxed: client certificate is required but not verified
-# - enforced: client certificate is required and verified
-tls_client_auth_mode: relaxed
-
 # Path to store certificates and metadata needed by
 # letsencrypt
 # For production:
diff --git a/docs/tls.md b/docs/tls.md
index c319359a..557cdf01 100644
--- a/docs/tls.md
+++ b/docs/tls.md
@@ -29,17 +29,3 @@ headscale can also be configured to expose its web service via TLS. To configure
 tls_cert_path: ""
 tls_key_path: ""
 ```
-
-### Configuring Mutual TLS Authentication (mTLS)
-
-mTLS is a method by which an HTTPS server authenticates clients, e.g. Tailscale, using TLS certificates. This can be configured by applying one of the following values to the `tls_client_auth_mode` setting in the configuration file.
-
-| Value               | Behavior                                                   |
-| ------------------- | ---------------------------------------------------------- |
-| `disabled`          | Disable mTLS.                                              |
-| `relaxed` (default) | A client certificate is required, but it is not verified.  |
-| `enforced`          | Requires clients to supply a certificate that is verified. |
-
-```yaml
-tls_client_auth_mode: ""
-```