diff --git a/client.go b/client.go
index 221a7df6..b69c63a5 100644
--- a/client.go
+++ b/client.go
@@ -29,7 +29,7 @@ var DefaultHost = HostDevelopment
 var (
 	// TLSDialTimeout is the maximum amount of time a dial will wait for a connect
 	// to complete.
-	TLSDialTimeout = 20 * time.Second
+	TLSDialTimeoGut = 20 * time.Second
 	// HTTPClientTimeout specifies a time limit for requests made by the
 	// HTTPClient. The timeout includes connection time, any redirects,
 	// and reading the response body.
@@ -37,6 +37,11 @@ var (
 	// TCPKeepAlive specifies the keep-alive period for an active network
 	// connection. If zero, keep-alives are not enabled.
 	TCPKeepAlive = 60 * time.Second
+	// TCPIdleTimeout specifies the maximum amount of time an idle
+	// (keep-alive) connection will remain idle before closing
+	// itself.
+	// If zero, are no limit.
+	TCPIdleTimeout = 0 * time.Second
 )
 
 // DialTLS is the default dial function for creating TLS connections for
@@ -79,10 +84,11 @@ func NewClient(certificate tls.Certificate) *Client {
 	if len(certificate.Certificate) > 0 {
 		tlsConfig.BuildNameToCertificate()
 	}
-	transport := &http2.Transport{
-		TLSClientConfig: tlsConfig,
-		DialTLS:         DialTLS,
-	}
+	transport, _ := http2.ConfigureTransport(&http.Transport{
+		IdleConnTimeout: TCPIdleTimeout,
+	})
+	transport.TLSClientConfig = tlsConfig
+	transport.DialTLS = DialTLS
 	return &Client{
 		HTTPClient: &http.Client{
 			Transport: transport,
@@ -102,9 +108,10 @@ func NewClient(certificate tls.Certificate) *Client {
 // notifications; don’t repeatedly open and close connections. APNs treats rapid
 // connection and disconnection as a denial-of-service attack.
 func NewTokenClient(token *token.Token) *Client {
-	transport := &http2.Transport{
-		DialTLS: DialTLS,
-	}
+	transport, _ := http2.ConfigureTransport(&http.Transport{
+		IdleConnTimeout: TCPIdleTimeout,
+	})
+	transport.DialTLS = DialTLS
 	return &Client{
 		Token: token,
 		HTTPClient: &http.Client{