Currently, kt will not attempt to use TLS unless cert, ca, and key paths are all provided and valid. Is this necessary if the host running kt has default system certs set up properly? If so, a -tls option would be handy that causes an empty&tls.Config{} to be returned from setupCerts().

Forgive me if this over-simplifies the issue..

    if cmd.UseTLS {
       return &tls.Config{}, nil
   }