diff --git a/api/client/cli.go b/api/client/cli.go
index d3895a9a18..4f4362d90b 100644
--- a/api/client/cli.go
+++ b/api/client/cli.go
@@ -15,7 +15,7 @@ import (
 	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/opts"
 	"github.com/docker/docker/pkg/term"
-	"github.com/docker/docker/pkg/tlsconfig"
+	"github.com/docker/go-connections/tlsconfig"
 )
 
 // DockerCli represents the docker command line client.
diff --git a/api/client/trust.go b/api/client/trust.go
index 252b9b1260..cc93ebae00 100644
--- a/api/client/trust.go
+++ b/api/client/trust.go
@@ -28,9 +28,9 @@ import (
 	"github.com/docker/docker/pkg/ansiescape"
 	"github.com/docker/docker/pkg/ioutils"
 	flag "github.com/docker/docker/pkg/mflag"
-	"github.com/docker/docker/pkg/tlsconfig"
 	"github.com/docker/docker/reference"
 	"github.com/docker/docker/registry"
+	"github.com/docker/go-connections/tlsconfig"
 	"github.com/docker/notary/client"
 	"github.com/docker/notary/passphrase"
 	"github.com/docker/notary/trustmanager"
diff --git a/api/server/server.go b/api/server/server.go
index e092ad3b7a..8b3c41a9ae 100644
--- a/api/server/server.go
+++ b/api/server/server.go
@@ -18,8 +18,8 @@ import (
 	"github.com/docker/docker/api/server/router/volume"
 	"github.com/docker/docker/daemon"
 	"github.com/docker/docker/pkg/authorization"
-	"github.com/docker/docker/pkg/sockets"
 	"github.com/docker/docker/utils"
+	"github.com/docker/go-connections/sockets"
 	"github.com/gorilla/mux"
 	"golang.org/x/net/context"
 )
diff --git a/api/server/server_unix.go b/api/server/server_unix.go
index 2f52d24ad2..a4fc639575 100644
--- a/api/server/server_unix.go
+++ b/api/server/server_unix.go
@@ -10,7 +10,7 @@ import (
 	"strconv"
 
 	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/pkg/sockets"
+	"github.com/docker/go-connections/sockets"
 	"github.com/docker/libnetwork/portallocator"
 
 	systemdActivation "github.com/coreos/go-systemd/activation"
diff --git a/cli/common.go b/cli/common.go
index a1f3646d84..1ece1fb616 100644
--- a/cli/common.go
+++ b/cli/common.go
@@ -2,7 +2,7 @@ package cli
 
 import (
 	flag "github.com/docker/docker/pkg/mflag"
-	"github.com/docker/docker/pkg/tlsconfig"
+	"github.com/docker/go-connections/tlsconfig"
 )
 
 // CommonFlags represents flags that are common to both the client and the daemon.
diff --git a/docker/common.go b/docker/common.go
index 351257e779..250924694f 100644
--- a/docker/common.go
+++ b/docker/common.go
@@ -10,7 +10,7 @@ import (
 	"github.com/docker/docker/cliconfig"
 	"github.com/docker/docker/opts"
 	flag "github.com/docker/docker/pkg/mflag"
-	"github.com/docker/docker/pkg/tlsconfig"
+	"github.com/docker/go-connections/tlsconfig"
 )
 
 const (
diff --git a/docker/daemon.go b/docker/daemon.go
index dd7a938403..e74609041a 100644
--- a/docker/daemon.go
+++ b/docker/daemon.go
@@ -25,9 +25,9 @@ import (
 	"github.com/docker/docker/pkg/pidfile"
 	"github.com/docker/docker/pkg/signal"
 	"github.com/docker/docker/pkg/system"
-	"github.com/docker/docker/pkg/tlsconfig"
 	"github.com/docker/docker/registry"
 	"github.com/docker/docker/utils"
+	"github.com/docker/go-connections/tlsconfig"
 )
 
 const daemonUsage = "       docker daemon [ --help | ... ]\n"
diff --git a/integration-cli/docker_utils.go b/integration-cli/docker_utils.go
index 01a2811ebd..17611581e1 100644
--- a/integration-cli/docker_utils.go
+++ b/integration-cli/docker_utils.go
@@ -27,9 +27,9 @@ import (
 	"github.com/docker/docker/pkg/httputils"
 	"github.com/docker/docker/pkg/integration"
 	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/docker/pkg/sockets"
 	"github.com/docker/docker/pkg/stringutils"
-	"github.com/docker/docker/pkg/tlsconfig"
+	"github.com/docker/go-connections/sockets"
+	"github.com/docker/go-connections/tlsconfig"
 	"github.com/go-check/check"
 )
 
diff --git a/integration-cli/trust_server.go b/integration-cli/trust_server.go
index 363adb4572..332165eb4a 100644
--- a/integration-cli/trust_server.go
+++ b/integration-cli/trust_server.go
@@ -11,7 +11,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/docker/docker/pkg/tlsconfig"
+	"github.com/docker/go-connections/tlsconfig"
 	"github.com/go-check/check"
 )
 
diff --git a/pkg/authorization/authz_test.go b/pkg/authorization/authz_test.go
index 369150bca8..75c549b7de 100644
--- a/pkg/authorization/authz_test.go
+++ b/pkg/authorization/authz_test.go
@@ -13,7 +13,7 @@ import (
 	"testing"
 
 	"github.com/docker/docker/pkg/plugins"
-	"github.com/docker/docker/pkg/tlsconfig"
+	"github.com/docker/go-connections/tlsconfig"
 	"github.com/gorilla/mux"
 )
 
diff --git a/pkg/discovery/kv/kv.go b/pkg/discovery/kv/kv.go
index 186bf5758e..8b7b4ed9e6 100644
--- a/pkg/discovery/kv/kv.go
+++ b/pkg/discovery/kv/kv.go
@@ -8,7 +8,7 @@ import (
 
 	log "github.com/Sirupsen/logrus"
 	"github.com/docker/docker/pkg/discovery"
-	"github.com/docker/docker/pkg/tlsconfig"
+	"github.com/docker/go-connections/tlsconfig"
 	"github.com/docker/libkv"
 	"github.com/docker/libkv/store"
 	"github.com/docker/libkv/store/consul"
diff --git a/pkg/plugins/client.go b/pkg/plugins/client.go
index e9e31a89d3..d8710128ca 100644
--- a/pkg/plugins/client.go
+++ b/pkg/plugins/client.go
@@ -11,8 +11,8 @@ import (
 	"time"
 
 	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/pkg/sockets"
-	"github.com/docker/docker/pkg/tlsconfig"
+	"github.com/docker/go-connections/sockets"
+	"github.com/docker/go-connections/tlsconfig"
 )
 
 const (
diff --git a/pkg/plugins/client_test.go b/pkg/plugins/client_test.go
index 3def6e2206..d9e14e20a4 100644
--- a/pkg/plugins/client_test.go
+++ b/pkg/plugins/client_test.go
@@ -8,7 +8,7 @@ import (
 	"testing"
 	"time"
 
-	"github.com/docker/docker/pkg/tlsconfig"
+	"github.com/docker/go-connections/tlsconfig"
 )
 
 var (
diff --git a/pkg/plugins/plugins.go b/pkg/plugins/plugins.go
index 5ad4d892f9..6317e4f174 100644
--- a/pkg/plugins/plugins.go
+++ b/pkg/plugins/plugins.go
@@ -28,7 +28,7 @@ import (
 	"time"
 
 	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/pkg/tlsconfig"
+	"github.com/docker/go-connections/tlsconfig"
 )
 
 var (
diff --git a/pkg/sockets/README.md b/pkg/sockets/README.md
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/pkg/sockets/tcp_socket.go b/pkg/sockets/tcp_socket.go
deleted file mode 100644
index 6665a3bde1..0000000000
--- a/pkg/sockets/tcp_socket.go
+++ /dev/null
@@ -1,44 +0,0 @@
-// Package sockets provides helper functions to create and configure Unix or TCP
-// sockets.
-package sockets
-
-import (
-	"crypto/tls"
-	"net"
-	"net/http"
-	"time"
-)
-
-// NewTCPSocket creates a TCP socket listener with the specified address and
-// and the specified tls configuration. If TLSConfig is set, will encapsulate the
-// TCP listener inside a TLS one.
-func NewTCPSocket(addr string, tlsConfig *tls.Config) (net.Listener, error) {
-	l, err := net.Listen("tcp", addr)
-	if err != nil {
-		return nil, err
-	}
-	if tlsConfig != nil {
-		tlsConfig.NextProtos = []string{"http/1.1"}
-		l = tls.NewListener(l, tlsConfig)
-	}
-	return l, nil
-}
-
-// ConfigureTCPTransport configures the specified Transport according to the
-// specified proto and addr.
-// If the proto is unix (using a unix socket to communicate) the compression
-// is disabled.
-func ConfigureTCPTransport(tr *http.Transport, proto, addr string) {
-	// Why 32? See https://github.com/docker/docker/pull/8035.
-	timeout := 32 * time.Second
-	if proto == "unix" {
-		// No need for compression in local communications.
-		tr.DisableCompression = true
-		tr.Dial = func(_, _ string) (net.Conn, error) {
-			return net.DialTimeout(proto, addr, timeout)
-		}
-	} else {
-		tr.Proxy = http.ProxyFromEnvironment
-		tr.Dial = (&net.Dialer{Timeout: timeout}).Dial
-	}
-}
diff --git a/pkg/sockets/unix_socket.go b/pkg/sockets/unix_socket.go
deleted file mode 100644
index c10acedca2..0000000000
--- a/pkg/sockets/unix_socket.go
+++ /dev/null
@@ -1,80 +0,0 @@
-// +build linux freebsd
-
-package sockets
-
-import (
-	"fmt"
-	"net"
-	"os"
-	"strconv"
-	"syscall"
-
-	"github.com/Sirupsen/logrus"
-	"github.com/opencontainers/runc/libcontainer/user"
-)
-
-// NewUnixSocket creates a unix socket with the specified path and group.
-func NewUnixSocket(path, group string) (net.Listener, error) {
-	if err := syscall.Unlink(path); err != nil && !os.IsNotExist(err) {
-		return nil, err
-	}
-	mask := syscall.Umask(0777)
-	defer syscall.Umask(mask)
-	l, err := net.Listen("unix", path)
-	if err != nil {
-		return nil, err
-	}
-	if err := setSocketGroup(path, group); err != nil {
-		l.Close()
-		return nil, err
-	}
-	if err := os.Chmod(path, 0660); err != nil {
-		l.Close()
-		return nil, err
-	}
-	return l, nil
-}
-
-func setSocketGroup(path, group string) error {
-	if group == "" {
-		return nil
-	}
-	if err := changeGroup(path, group); err != nil {
-		if group != "docker" {
-			return err
-		}
-		logrus.Debugf("Warning: could not change group %s to docker: %v", path, err)
-	}
-	return nil
-}
-
-func changeGroup(path string, nameOrGid string) error {
-	gid, err := lookupGidByName(nameOrGid)
-	if err != nil {
-		return err
-	}
-	logrus.Debugf("%s group found. gid: %d", nameOrGid, gid)
-	return os.Chown(path, 0, gid)
-}
-
-func lookupGidByName(nameOrGid string) (int, error) {
-	groupFile, err := user.GetGroupPath()
-	if err != nil {
-		return -1, err
-	}
-	groups, err := user.ParseGroupFileFilter(groupFile, func(g user.Group) bool {
-		return g.Name == nameOrGid || strconv.Itoa(g.Gid) == nameOrGid
-	})
-	if err != nil {
-		return -1, err
-	}
-	if groups != nil && len(groups) > 0 {
-		return groups[0].Gid, nil
-	}
-	gid, err := strconv.Atoi(nameOrGid)
-	if err == nil {
-		logrus.Warnf("Could not find GID %d", gid)
-		return gid, nil
-	}
-	return -1, fmt.Errorf("Group %s not found", nameOrGid)
-}
diff --git a/registry/registry.go b/registry/registry.go
index ba1626c137..883879cde8 100644
--- a/registry/registry.go
+++ b/registry/registry.go
@@ -23,8 +23,8 @@ import (
 	"github.com/docker/distribution/registry/client/transport"
 	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/pkg/parsers/kernel"
-	"github.com/docker/docker/pkg/tlsconfig"
 	"github.com/docker/docker/pkg/useragent"
+	"github.com/docker/go-connections/tlsconfig"
 )
 
 var (
diff --git a/registry/service_v1.go b/registry/service_v1.go
index cd565bc43c..340ce9576a 100644
--- a/registry/service_v1.go
+++ b/registry/service_v1.go
@@ -4,8 +4,8 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/docker/docker/pkg/tlsconfig"
 	"github.com/docker/docker/reference"
+	"github.com/docker/go-connections/tlsconfig"
 )
 
 func (s *Service) lookupV1Endpoints(repoName reference.Named) (endpoints []APIEndpoint, err error) {
diff --git a/registry/service_v2.go b/registry/service_v2.go
index dfdc1569a2..f89326d515 100644
--- a/registry/service_v2.go
+++ b/registry/service_v2.go
@@ -4,8 +4,8 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/docker/docker/pkg/tlsconfig"
 	"github.com/docker/docker/reference"
+	"github.com/docker/go-connections/tlsconfig"
 )
 
 func (s *Service) lookupV2Endpoints(repoName reference.Named) (endpoints []APIEndpoint, err error) {
diff --git a/volume/drivers/proxy_test.go b/volume/drivers/proxy_test.go
index aa1d67e321..5e34b0773b 100644
--- a/volume/drivers/proxy_test.go
+++ b/volume/drivers/proxy_test.go
@@ -9,7 +9,7 @@ import (
 	"testing"
 
 	"github.com/docker/docker/pkg/plugins"
-	"github.com/docker/docker/pkg/tlsconfig"
+	"github.com/docker/go-connections/tlsconfig"
 )
 
 func TestVolumeRequestError(t *testing.T) {