diff --git a/components/engine/hack/vendor.sh b/components/engine/hack/vendor.sh
index 472be83126..4be3bab9f9 100755
--- a/components/engine/hack/vendor.sh
+++ b/components/engine/hack/vendor.sh
@@ -49,7 +49,7 @@ clone git github.com/agl/ed25519 d2b94fd789ea21d12fac1a4443dd3a3f79cda72c
 
 clone git github.com/opencontainers/runc 6c198ae2d065c37f44316e0de3df7f3b88950923 # libcontainer
 # libcontainer deps (see src/github.com/opencontainers/runc/Godeps/Godeps.json)
-clone git github.com/coreos/go-systemd v3
+clone git github.com/coreos/go-systemd db045881d426f46e064766fa9f546c3006d0973e
 clone git github.com/godbus/dbus v2
 clone git github.com/syndtr/gocapability 66ef2aa7a23ba682594e2b6f74cf40c0692b49fb
 clone git github.com/golang/protobuf 655cdfa588ea
diff --git a/components/engine/vendor/src/github.com/coreos/go-systemd/activation/listeners.go b/components/engine/vendor/src/github.com/coreos/go-systemd/activation/listeners.go
index a30cb89395..df27c29e9e 100644
--- a/components/engine/vendor/src/github.com/coreos/go-systemd/activation/listeners.go
+++ b/components/engine/vendor/src/github.com/coreos/go-systemd/activation/listeners.go
@@ -15,6 +15,7 @@
 package activation
 
 import (
+	"crypto/tls"
 	"net"
 )
 
@@ -35,3 +36,27 @@ func Listeners(unsetEnv bool) ([]net.Listener, error) {
 	}
 	return listeners, nil
 }
+
+// TLSListeners returns a slice containing a net.listener for each matching TCP socket type
+// passed to this process.
+// It uses default Listeners func and forces TCP sockets handlers to use TLS based on tlsConfig.
+func TLSListeners(unsetEnv bool, tlsConfig *tls.Config) ([]net.Listener, error) {
+	listeners, err := Listeners(unsetEnv)
+
+	if listeners == nil || err != nil {
+		return nil, err
+	}
+
+	if tlsConfig != nil && err == nil {
+		tlsConfig.NextProtos = []string{"http/1.1"}
+
+		for i, l := range listeners {
+			// Activate TLS only for TCP sockets
+			if l.Addr().Network() == "tcp" {
+				listeners[i] = tls.NewListener(l, tlsConfig)
+			}
+		}
+	}
+
+	return listeners, err
+}