diff --git a/CHANGELOG.md b/CHANGELOG.md
index e451b21b..4fb89c64 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,6 +20,7 @@ Improved compatibility, more features, etc. ### Removed * Removed channel persistence with the `+P` mode (not too useful as currently implemented, to be replaced later). +* Removed the `PROXY` command (breaks our TLS user mode, and our integrated support for TLS should be fine). ### Fixed
diff --git a/README.md b/README.md
index 71dc2123..57a5ec45 100644
--- a/README.md
+++ b/README.md
@@ -25,14 +25,6 @@ This project adheres to [Semantic Versioning](http://semver.org/). For the purpo * client accounts and SASL * IRCv3 support -### What about TLS/SSL? - -There is inbuilt TLS support using the Go TLS implementation. However, -[stunnel](https://www.stunnel.org/index.html) version 4.56 with haproxy's -[PROXY protocol](http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt) -may also be used. This will allow the server to get the client's original -addresses for hostname lookups. - ## Installation ```sh
diff --git a/irc/client.go b/irc/client.go
index 07716fd5..2ac1c47f 100644
--- a/irc/client.go
+++ b/irc/client.go
@@ -126,8 +126,7 @@ func (client *Client) run() { var line string var msg ircmsg.IrcMessage - // Set the hostname for this client. The client may later send a PROXY - // command from stunnel that sets the hostname to something more accurate. + // Set the hostname for this client client.hostname = AddrLookupHostname(client.socket.conn.RemoteAddr()) //TODO(dan): Make this a socketreactor from ircbnc
diff --git a/irc/commands.go b/irc/commands.go
index 3edf3762..b15adb45 100644
--- a/irc/commands.go
+++ b/irc/commands.go
@@ -146,11 +146,6 @@ var Commands = map[string]Command{ handler: privmsgHandler, minParams: 2, }, - "PROXY": { - handler: proxyHandler, - usablePreReg: true, - minParams: 5, - }, "SANICK": { handler: sanickHandler, minParams: 2,
diff --git a/irc/config.go b/irc/config.go
index e8e5fe8f..ec87681d 100644
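Review bot: The shortened comment in the `irc/client.go` hunk no longer says where the hostname comes from, and with the PROXY handler removed elsewhere in this commit `client.hostname` is set here from the socket's peer address with no later correction visible in the diff. If the server sits behind a TLS terminator or any other TCP proxy, every client would then carry the proxy's hostname, which presumably affects anything keyed on host such as bans, per-host limits and logs. I would make that explicit in the comment: `// Set the hostname from the socket's peer address; behind a TLS terminator or other proxy this is the proxy's address.` The body of `run()` starts before and continues after this hunk.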
--- a/irc/config.go
+++ b/irc/config.go
@@ -72,15 +72,14 @@ type Config struct { Server struct { PassConfig - Password string - Name string - Listen []string - Wslisten string `yaml:"ws-listen"` - TLSListeners map[string]*TLSListenConfig `yaml:"tls-listeners"` - CheckIdent bool `yaml:"check-ident"` - Log string - MOTD string - ProxyAllowedFrom []string `yaml:"proxy-allowed-from"` + Password string + Name string + Listen []string + Wslisten string `yaml:"ws-listen"` + TLSListeners map[string]*TLSListenConfig `yaml:"tls-listeners"` + CheckIdent bool `yaml:"check-ident"` + Log string + MOTD string } Datastore struct {
diff --git a/irc/help.go b/irc/help.go
index 2203a281..22974082 100644
--- a/irc/help.go
+++ b/irc/help.go
@@ -187,13 +187,6 @@ Replies to a PING. Used to check link connectivity.`, text: `PRIVMSG {,} Sends the text to the given targets as a PRIVMSG.`, - }, - "proxy": { - oper: true, // not really, but it's restricted anyways - text: `PROXY TCP4/6 - -Used by haproxy's PROXY protocol, to allow for alternate TLS support: -http://www.haproxy.org/download/1.7/doc/proxy-protocol.txt`, }, "sanick": { oper: true,
diff --git a/irc/server.go b/irc/server.go
index dff57980..cba4d76d 100644
--- a/irc/server.go
+++ b/irc/server.go
@@ -51,7 +51,6 @@ type Server struct { passwords *PasswordManager accountRegistration *AccountRegistration signals chan os.Signal - proxyAllowedFrom []string whoWas *WhoWasList isupport *ISupportList checkIdent bool
@@ -97,7 +96,6 @@ func NewServer(config *Config) *Server { newConns: make(chan clientConn), operators: config.Operators(), signals: make(chan os.Signal, len(SERVER_SIGNALS)), - proxyAllowedFrom: config.Server.ProxyAllowedFrom, whoWas: NewWhoWasList(config.Limits.WhowasEntries), checkIdent: config.Server.CheckIdent, }
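Review bot: Dropping `ProxyAllowedFrom` from `Config.Server` in the `irc/config.go` hunk means an existing config file that still carries `proxy-allowed-from` no longer maps to any field. The config loader is not visible in this diff, but if it uses a non-strict YAML unmarshal the stale key would be ignored silently, and an operator still fronting the server with stunnel would get no hint that the proxy-supplied addresses are no longer honoured. Consider logging a warning or failing at load time when the key is present, or at least naming the config key in the CHANGELOG entry so the upgrade step is explicit.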
@@ -416,23 +414,6 @@ func passHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool { return false } -// PROXY TCP4/6 SOURCEIP DESTIP SOURCEPORT DESTPORT -// http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt -func proxyHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool { - clientAddress := IPString(client.socket.conn.RemoteAddr()) - clientHostname := client.hostname - - for _, address := range server.proxyAllowedFrom { - if clientHostname == address || clientAddress == address { - client.hostname = LookupHostname(msg.Params[1]) - return false - } - } - - client.Quit("PROXY command is not usable from your address") - return true -} - // USER * 0 func userHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool { if client.registered {
diff --git a/oragono.yaml b/oragono.yaml
index 6ec9970f..ae0bc57a 100644
--- a/oragono.yaml
+++ b/oragono.yaml
@@ -41,11 +41,6 @@ server: # if you change the motd, you should move it to ircd.motd motd: oragono.motd - # addresses/hostnames the PROXY command can be used from - proxy-allowed-from: - - "localhost" - - "127.0.0.1" - # account/channel registration registration: # account registration