diff --git a/tests/e2e/cluster_downgrade_test.go b/tests/e2e/cluster_downgrade_test.go
index 183e338bc26..6b880d67191 100644
--- a/tests/e2e/cluster_downgrade_test.go
+++ b/tests/e2e/cluster_downgrade_test.go
@@ -154,7 +154,7 @@ func startEtcd(t *testing.T, ep e2e.EtcdProcess, execPath string) {
 }
 
 func downgradeEnable(t *testing.T, epc *e2e.EtcdProcessCluster, ver *semver.Version) {
-	c, err := e2e.NewEtcdctl(epc.Cfg, epc.EndpointsV3())
+	c, err := e2e.NewEtcdctl(epc.Cfg.Client, epc.EndpointsV3())
 	assert.NoError(t, err)
 	testutils.ExecuteWithTimeout(t, 20*time.Second, func() {
 		err := c.DowngradeEnable(context.TODO(), ver.String())
diff --git a/tests/e2e/corrupt_test.go b/tests/e2e/corrupt_test.go
index 7366089ae0c..91f19538ae8 100644
--- a/tests/e2e/corrupt_test.go
+++ b/tests/e2e/corrupt_test.go
@@ -115,7 +115,7 @@ func TestPeriodicCheckDetectsCorruption(t *testing.T) {
 		}
 	})
 
-	cc, err := e2e.NewEtcdctl(epc.Cfg, epc.EndpointsV3())
+	cc, err := e2e.NewEtcdctl(epc.Cfg.Client, epc.EndpointsV3())
 	assert.NoError(t, err)
 
 	for i := 0; i < 10; i++ {
@@ -163,7 +163,7 @@ func TestCompactHashCheckDetectCorruption(t *testing.T) {
 		}
 	})
 
-	cc, err := e2e.NewEtcdctl(epc.Cfg, epc.EndpointsV3())
+	cc, err := e2e.NewEtcdctl(epc.Cfg.Client, epc.EndpointsV3())
 	assert.NoError(t, err)
 
 	for i := 0; i < 10; i++ {
diff --git a/tests/e2e/ctl_v3_grpc_test.go b/tests/e2e/ctl_v3_grpc_test.go
index e0758d29dca..48a710b48cb 100644
--- a/tests/e2e/ctl_v3_grpc_test.go
+++ b/tests/e2e/ctl_v3_grpc_test.go
@@ -85,9 +85,9 @@ func TestAuthority(t *testing.T) {
 				cfg := e2e.NewConfigNoTLS()
 				cfg.ClusterSize = clusterSize
 				if tc.useTLS {
-					cfg.ClientTLS = e2e.ClientTLS
+					cfg.Client.ConnectionType = e2e.ClientTLS
 				}
-				cfg.IsClientAutoTLS = tc.useInsecureTLS
+				cfg.Client.AutoTLS = tc.useInsecureTLS
 				// Enable debug mode to get logs with http2 headers (including authority)
 				cfg.EnvVars = map[string]string{"GODEBUG": "http2debug=2"}
 
@@ -98,7 +98,7 @@ func TestAuthority(t *testing.T) {
 				defer epc.Close()
 				endpoints := templateEndpoints(t, tc.clientURLPattern, epc)
 
-				client, err := e2e.NewEtcdctl(cfg, endpoints)
+				client, err := e2e.NewEtcdctl(cfg.Client, endpoints)
 				assert.NoError(t, err)
 				err = client.Put(ctx, "foo", "bar", config.PutOptions{})
 				if err != nil {
diff --git a/tests/e2e/ctl_v3_kv_test.go b/tests/e2e/ctl_v3_kv_test.go
index c7f3a951ffb..f8a0a23b8a3 100644
--- a/tests/e2e/ctl_v3_kv_test.go
+++ b/tests/e2e/ctl_v3_kv_test.go
@@ -43,9 +43,9 @@ func TestCtlV3DelTimeout(t *testing.T) { testCtl(t, delTest, withDialTimeout(0))
 func TestCtlV3GetRevokedCRL(t *testing.T) {
 	cfg := e2e.NewConfig(
 		e2e.WithClusterSize(1),
-		e2e.WithClientTLS(e2e.ClientTLS),
-		e2e.WithIsClientCRL(true),
-		e2e.WithClientCertAuthEnabled(true),
+		e2e.WithClientConnType(e2e.ClientTLS),
+		e2e.WithClientRevokeCerts(true),
+		e2e.WithClientCertAuthority(true),
 	)
 	testCtl(t, testGetRevokedCRL, withCfg(*cfg))
 }
@@ -56,7 +56,7 @@ func testGetRevokedCRL(cx ctlCtx) {
 	require.ErrorContains(cx.t, err, "context deadline exceeded")
 
 	// test accept
-	cx.epc.Cfg.IsClientCRL = false
+	cx.epc.Cfg.Client.RevokeCerts = false
 	if err := ctlV3Put(cx, "k", "v", ""); err != nil {
 		cx.t.Fatal(err)
 	}
diff --git a/tests/e2e/ctl_v3_move_leader_test.go b/tests/e2e/ctl_v3_move_leader_test.go
index 0af45b4397d..da4bfdd64bc 100644
--- a/tests/e2e/ctl_v3_move_leader_test.go
+++ b/tests/e2e/ctl_v3_move_leader_test.go
@@ -61,7 +61,7 @@ func testCtlV3MoveLeader(t *testing.T, cfg e2e.EtcdProcessClusterConfig, envVars
 	}()
 
 	var tcfg *tls.Config
-	if cfg.ClientTLS == e2e.ClientTLS {
+	if cfg.Client.ConnectionType == e2e.ClientTLS {
 		tinfo := transport.TLSInfo{
 			CertFile:      e2e.CertPath,
 			KeyFile:       e2e.PrivateKeyPath,
diff --git a/tests/e2e/ctl_v3_test.go b/tests/e2e/ctl_v3_test.go
index dce60fa32a5..5254fbf5c5d 100644
--- a/tests/e2e/ctl_v3_test.go
+++ b/tests/e2e/ctl_v3_test.go
@@ -295,11 +295,11 @@ func (cx *ctlCtx) prefixArgs(eps []string) []string {
 	fmap := make(map[string]string)
 	fmap["endpoints"] = strings.Join(eps, ",")
 	fmap["dial-timeout"] = cx.dialTimeout.String()
-	if cx.epc.Cfg.ClientTLS == e2e.ClientTLS {
-		if cx.epc.Cfg.IsClientAutoTLS {
+	if cx.epc.Cfg.Client.ConnectionType == e2e.ClientTLS {
+		if cx.epc.Cfg.Client.AutoTLS {
 			fmap["insecure-transport"] = "false"
 			fmap["insecure-skip-tls-verify"] = "true"
-		} else if cx.epc.Cfg.IsClientCRL {
+		} else if cx.epc.Cfg.Client.RevokeCerts {
 			fmap["cacert"] = e2e.CaPath
 			fmap["cert"] = e2e.RevokedCertPath
 			fmap["key"] = e2e.RevokedPrivateKeyPath
diff --git a/tests/e2e/discovery_v3_test.go b/tests/e2e/discovery_v3_test.go
index 648ee7b9a31..26eb809dcf6 100644
--- a/tests/e2e/discovery_v3_test.go
+++ b/tests/e2e/discovery_v3_test.go
@@ -51,8 +51,8 @@ func testClusterUsingV3Discovery(t *testing.T, discoveryClusterSize, targetClust
 	ds, err := e2e.NewEtcdProcessCluster(context.TODO(), t,
 		e2e.WithBasePort(2000),
 		e2e.WithClusterSize(discoveryClusterSize),
-		e2e.WithClientTLS(clientTlsType),
-		e2e.WithIsClientAutoTLS(isClientAutoTls),
+		e2e.WithClientConnType(clientTlsType),
+		e2e.WithClientAutoTLS(isClientAutoTls),
 	)
 	if err != nil {
 		t.Fatalf("could not start discovery etcd cluster (%v)", err)
diff --git a/tests/e2e/etcd_grpcproxy_test.go b/tests/e2e/etcd_grpcproxy_test.go
index 273aa876a92..a807162ef75 100644
--- a/tests/e2e/etcd_grpcproxy_test.go
+++ b/tests/e2e/etcd_grpcproxy_test.go
@@ -57,7 +57,7 @@ func TestGrpcProxyAutoSync(t *testing.T) {
 		assert.NoError(t, proxyProc.Stop())
 	}()
 
-	proxyCtl, err := e2e.NewEtcdctl(e2e.DefaultConfig(), []string{proxyClientURL})
+	proxyCtl, err := e2e.NewEtcdctl(e2e.ClientConfig{}, []string{proxyClientURL})
 	require.NoError(t, err)
 	err = proxyCtl.Put(ctx, "k1", "v1", config.PutOptions{})
 	require.NoError(t, err)
diff --git a/tests/e2e/v2store_deprecation_test.go b/tests/e2e/v2store_deprecation_test.go
index b7074029a1d..cb1d7b38b11 100644
--- a/tests/e2e/v2store_deprecation_test.go
+++ b/tests/e2e/v2store_deprecation_test.go
@@ -114,13 +114,13 @@ func TestV2DeprecationSnapshotMatches(t *testing.T) {
 	snapshotCount := 10
 	epc := runEtcdAndCreateSnapshot(t, e2e.LastVersion, lastReleaseData, snapshotCount)
 	oldMemberDataDir := epc.Procs[0].Config().DataDirPath
-	cc1, err := e2e.NewEtcdctl(epc.Cfg, epc.EndpointsV3())
+	cc1, err := e2e.NewEtcdctl(epc.Cfg.Client, epc.EndpointsV3())
 	assert.NoError(t, err)
 	members1 := addAndRemoveKeysAndMembers(ctx, t, cc1, snapshotCount)
 	assert.NoError(t, epc.Close())
 	epc = runEtcdAndCreateSnapshot(t, e2e.CurrentVersion, currentReleaseData, snapshotCount)
 	newMemberDataDir := epc.Procs[0].Config().DataDirPath
-	cc2, err := e2e.NewEtcdctl(epc.Cfg, epc.EndpointsV3())
+	cc2, err := e2e.NewEtcdctl(epc.Cfg.Client, epc.EndpointsV3())
 	assert.NoError(t, err)
 	members2 := addAndRemoveKeysAndMembers(ctx, t, cc2, snapshotCount)
 	assert.NoError(t, epc.Close())
@@ -151,7 +151,7 @@ func TestV2DeprecationSnapshotRecover(t *testing.T) {
 	}
 	epc := runEtcdAndCreateSnapshot(t, e2e.LastVersion, dataDir, 10)
 
-	cc, err := e2e.NewEtcdctl(epc.Cfg, epc.EndpointsV3())
+	cc, err := e2e.NewEtcdctl(epc.Cfg.Client, epc.EndpointsV3())
 	assert.NoError(t, err)
 
 	lastReleaseGetResponse, err := cc.Get(ctx, "", config.GetOptions{Prefix: true})
@@ -168,7 +168,7 @@ func TestV2DeprecationSnapshotRecover(t *testing.T) {
 	epc, err = e2e.NewEtcdProcessCluster(context.TODO(), t, e2e.WithConfig(cfg))
 	assert.NoError(t, err)
 
-	cc, err = e2e.NewEtcdctl(epc.Cfg, epc.EndpointsV3())
+	cc, err = e2e.NewEtcdctl(epc.Cfg.Client, epc.EndpointsV3())
 	assert.NoError(t, err)
 	currentReleaseGetResponse, err := cc.Get(ctx, "", config.GetOptions{Prefix: true})
 	assert.NoError(t, err)
diff --git a/tests/e2e/v3_curl_test.go b/tests/e2e/v3_curl_test.go
index 9733c66b6bb..3215f1ca9a9 100644
--- a/tests/e2e/v3_curl_test.go
+++ b/tests/e2e/v3_curl_test.go
@@ -113,7 +113,7 @@ func testV3CurlPutGet(cx ctlCtx) {
 	if err := e2e.CURLPost(cx.epc, e2e.CURLReq{Endpoint: path.Join(p, "/kv/range"), Value: string(rangeData), Expected: expectGet}); err != nil {
 		cx.t.Fatalf("failed testV3CurlPutGet get with curl using prefix (%s) (%v)", p, err)
 	}
-	if cx.cfg.ClientTLS == e2e.ClientTLSAndNonTLS {
+	if cx.cfg.Client.ConnectionType == e2e.ClientTLSAndNonTLS {
 		if err := e2e.CURLPost(cx.epc, e2e.CURLReq{Endpoint: path.Join(p, "/kv/range"), Value: string(rangeData), Expected: expectGet, IsTLS: true}); err != nil {
 			cx.t.Fatalf("failed testV3CurlPutGet get with curl using prefix (%s) (%v)", p, err)
 		}
diff --git a/tests/framework/e2e/cluster.go b/tests/framework/e2e/cluster.go
index 12111b5c014..efa6cd704fa 100644
--- a/tests/framework/e2e/cluster.go
+++ b/tests/framework/e2e/cluster.go
@@ -44,6 +44,13 @@ const (
 	ClientTLSAndNonTLS
 )
 
+type ClientConfig struct {
+	ConnectionType ClientConnType
+	CertAuthority  bool
+	AutoTLS        bool
+	RevokeCerts    bool
+}
+
 // allow alphanumerics, underscores and dashes
 var testNameCleanRegex = regexp.MustCompile(`[^a-zA-Z0-9 \-_]+`)
 
@@ -60,20 +67,20 @@ func NewConfigAutoTLS() *EtcdProcessClusterConfig {
 
 func NewConfigTLS() *EtcdProcessClusterConfig {
 	return NewConfig(
-		WithClientTLS(ClientTLS),
+		WithClientConnType(ClientTLS),
 		WithIsPeerTLS(true),
 	)
 }
 
 func NewConfigClientTLS() *EtcdProcessClusterConfig {
-	return NewConfig(WithClientTLS(ClientTLS))
+	return NewConfig(WithClientConnType(ClientTLS))
 }
 
 func NewConfigClientAutoTLS() *EtcdProcessClusterConfig {
 	return NewConfig(
 		WithClusterSize(1),
-		WithIsClientAutoTLS(true),
-		WithClientTLS(ClientTLS),
+		WithClientAutoTLS(true),
+		WithClientConnType(ClientTLS),
 	)
 }
 
@@ -86,16 +93,16 @@ func NewConfigPeerTLS() *EtcdProcessClusterConfig {
 func NewConfigClientTLSCertAuth() *EtcdProcessClusterConfig {
 	return NewConfig(
 		WithClusterSize(1),
-		WithClientTLS(ClientTLS),
-		WithClientCertAuthEnabled(true),
+		WithClientConnType(ClientTLS),
+		WithClientCertAuthority(true),
 	)
 }
 
 func NewConfigClientTLSCertAuthWithNoCN() *EtcdProcessClusterConfig {
 	return NewConfig(
 		WithClusterSize(1),
-		WithClientTLS(ClientTLS),
-		WithClientCertAuthEnabled(true),
+		WithClientConnType(ClientTLS),
+		WithClientCertAuthority(true),
 		WithNoCN(true),
 	)
 }
@@ -142,13 +149,10 @@ type EtcdProcessClusterConfig struct {
 
 	SnapshotCount int // default is 10000
 
-	ClientTLS             ClientConnType
-	ClientCertAuthEnabled bool
-	IsPeerTLS             bool
-	IsPeerAutoTLS         bool
-	IsClientAutoTLS       bool
-	IsClientCRL           bool
-	NoCN                  bool
+	Client        ClientConfig
+	IsPeerTLS     bool
+	IsPeerAutoTLS bool
+	NoCN          bool
 
 	CipherSuites []string
 
@@ -226,12 +230,12 @@ func WithBasePort(port int) EPClusterOption {
 	return func(c *EtcdProcessClusterConfig) { c.BasePort = port }
 }
 
-func WithClientTLS(clientTLS ClientConnType) EPClusterOption {
-	return func(c *EtcdProcessClusterConfig) { c.ClientTLS = clientTLS }
+func WithClientConnType(clientConnType ClientConnType) EPClusterOption {
+	return func(c *EtcdProcessClusterConfig) { c.Client.ConnectionType = clientConnType }
 }
 
-func WithClientCertAuthEnabled(enabled bool) EPClusterOption {
-	return func(c *EtcdProcessClusterConfig) { c.ClientCertAuthEnabled = enabled }
+func WithClientCertAuthority(enabled bool) EPClusterOption {
+	return func(c *EtcdProcessClusterConfig) { c.Client.CertAuthority = enabled }
 }
 
 func WithIsPeerTLS(isPeerTLS bool) EPClusterOption {
@@ -242,12 +246,12 @@ func WithIsPeerAutoTLS(isPeerAutoTLS bool) EPClusterOption {
 	return func(c *EtcdProcessClusterConfig) { c.IsPeerAutoTLS = isPeerAutoTLS }
 }
 
-func WithIsClientAutoTLS(isClientAutoTLS bool) EPClusterOption {
-	return func(c *EtcdProcessClusterConfig) { c.IsClientAutoTLS = isClientAutoTLS }
+func WithClientAutoTLS(isClientAutoTLS bool) EPClusterOption {
+	return func(c *EtcdProcessClusterConfig) { c.Client.AutoTLS = isClientAutoTLS }
 }
 
-func WithIsClientCRL(isClientCRL bool) EPClusterOption {
-	return func(c *EtcdProcessClusterConfig) { c.IsClientCRL = isClientCRL }
+func WithClientRevokeCerts(isClientCRL bool) EPClusterOption {
+	return func(c *EtcdProcessClusterConfig) { c.Client.RevokeCerts = isClientCRL }
 }
 
 func WithNoCN(noCN bool) EPClusterOption {
@@ -374,7 +378,7 @@ func StartEtcdProcessCluster(ctx context.Context, epc *EtcdProcessCluster, cfg *
 }
 
 func (cfg *EtcdProcessClusterConfig) ClientScheme() string {
-	if cfg.ClientTLS == ClientTLS {
+	if cfg.Client.ConnectionType == ClientTLS {
 		return "https"
 	}
 	return "http"
@@ -426,7 +430,7 @@ func (cfg *EtcdProcessClusterConfig) EtcdServerProcessConfig(tb testing.TB, i in
 	port := cfg.BasePort + 5*i
 	curlHost := fmt.Sprintf("localhost:%d", port)
 
-	switch cfg.ClientTLS {
+	switch cfg.Client.ConnectionType {
 	case ClientNonTLS, ClientTLS:
 		curl = (&url.URL{Scheme: cfg.ClientScheme(), Host: curlHost}).String()
 		curls = []string{curl}
@@ -561,6 +565,7 @@ func (cfg *EtcdProcessClusterConfig) EtcdServerProcessConfig(tb testing.TB, i in
 		Args:         args,
 		EnvVars:      envVars,
 		TlsArgs:      cfg.TlsArgs(),
+		Client:       cfg.Client,
 		DataDirPath:  dataDirPath,
 		KeepDataDir:  cfg.KeepDataDir,
 		Name:         name,
@@ -573,8 +578,8 @@ func (cfg *EtcdProcessClusterConfig) EtcdServerProcessConfig(tb testing.TB, i in
 }
 
 func (cfg *EtcdProcessClusterConfig) TlsArgs() (args []string) {
-	if cfg.ClientTLS != ClientNonTLS {
-		if cfg.IsClientAutoTLS {
+	if cfg.Client.ConnectionType != ClientNonTLS {
+		if cfg.Client.AutoTLS {
 			args = append(args, "--auto-tls")
 		} else {
 			tlsClientArgs := []string{
@@ -584,7 +589,7 @@ func (cfg *EtcdProcessClusterConfig) TlsArgs() (args []string) {
 			}
 			args = append(args, tlsClientArgs...)
 
-			if cfg.ClientCertAuthEnabled {
+			if cfg.Client.CertAuthority {
 				args = append(args, "--client-cert-auth")
 			}
 		}
@@ -603,7 +608,7 @@ func (cfg *EtcdProcessClusterConfig) TlsArgs() (args []string) {
 		}
 	}
 
-	if cfg.IsClientCRL {
+	if cfg.Client.RevokeCerts {
 		args = append(args, "--client-crl-file", CrlPath, "--client-cert-auth")
 	}
 
@@ -784,7 +789,7 @@ func (epc *EtcdProcessCluster) Stop() (err error) {
 }
 
 func (epc *EtcdProcessCluster) Client(opts ...config.ClientOption) *EtcdctlV3 {
-	etcdctl, err := NewEtcdctl(epc.Cfg, epc.EndpointsV3(), opts...)
+	etcdctl, err := NewEtcdctl(epc.Cfg.Client, epc.EndpointsV3(), opts...)
 	if err != nil {
 		panic(err)
 	}
diff --git a/tests/framework/e2e/cluster_proxy.go b/tests/framework/e2e/cluster_proxy.go
index 3cdfac6981a..98e56352445 100644
--- a/tests/framework/e2e/cluster_proxy.go
+++ b/tests/framework/e2e/cluster_proxy.go
@@ -29,6 +29,7 @@ import (
 	"go.uber.org/zap"
 
 	"go.etcd.io/etcd/pkg/v3/expect"
+	"go.etcd.io/etcd/tests/v3/framework/config"
 )
 
 type proxyEtcdProcess struct {
@@ -99,6 +100,14 @@ func (p *proxyEtcdProcess) Close() error {
 	return err
 }
 
+func (p *proxyEtcdProcess) Client(opts ...config.ClientOption) *EtcdctlV3 {
+	etcdctl, err := NewEtcdctl(p.etcdProc.Config().Client, p.etcdProc.EndpointsV3(), opts...)
+	if err != nil {
+		panic(err)
+	}
+	return etcdctl
+}
+
 func (p *proxyEtcdProcess) Logs() LogsExpect {
 	return p.etcdProc.Logs()
 }
diff --git a/tests/framework/e2e/curl.go b/tests/framework/e2e/curl.go
index 7d81a92f3e0..46d829bf8ad 100644
--- a/tests/framework/e2e/curl.go
+++ b/tests/framework/e2e/curl.go
@@ -58,12 +58,12 @@ func CURLPrefixArgs(cfg *EtcdProcessClusterConfig, member EtcdProcess, method st
 	)
 	if req.MetricsURLScheme != "https" {
 		if req.IsTLS {
-			if cfg.ClientTLS != ClientTLSAndNonTLS {
+			if cfg.Client.ConnectionType != ClientTLSAndNonTLS {
 				panic("should not use cURLPrefixArgsUseTLS when serving only TLS or non-TLS")
 			}
 			cmdArgs = append(cmdArgs, "--cacert", CaPath, "--cert", CertPath, "--key", PrivateKeyPath)
 			acurl = ToTLS(member.Config().Acurl)
-		} else if cfg.ClientTLS == ClientTLS {
+		} else if cfg.Client.ConnectionType == ClientTLS {
 			if !cfg.NoCN {
 				cmdArgs = append(cmdArgs, "--cacert", CaPath, "--cert", CertPath, "--key", PrivateKeyPath)
 			} else {
diff --git a/tests/framework/e2e/e2e.go b/tests/framework/e2e/e2e.go
index bd26b367dbd..18edb56faa1 100644
--- a/tests/framework/e2e/e2e.go
+++ b/tests/framework/e2e/e2e.go
@@ -63,13 +63,13 @@ func (e e2eRunner) NewCluster(ctx context.Context, t testing.TB, opts ...config.
 
 	switch cfg.ClientTLS {
 	case config.NoTLS:
-		e2eConfig.ClientTLS = ClientNonTLS
+		e2eConfig.Client.ConnectionType = ClientNonTLS
 	case config.AutoTLS:
-		e2eConfig.IsClientAutoTLS = true
-		e2eConfig.ClientTLS = ClientTLS
+		e2eConfig.Client.AutoTLS = true
+		e2eConfig.Client.ConnectionType = ClientTLS
 	case config.ManualTLS:
-		e2eConfig.IsClientAutoTLS = false
-		e2eConfig.ClientTLS = ClientTLS
+		e2eConfig.Client.AutoTLS = false
+		e2eConfig.Client.ConnectionType = ClientTLS
 	default:
 		t.Fatalf("ClientTLS config %q not supported", cfg.ClientTLS)
 	}
@@ -99,7 +99,7 @@ type e2eCluster struct {
 }
 
 func (c *e2eCluster) Client(opts ...config.ClientOption) (intf.Client, error) {
-	etcdctl, err := NewEtcdctl(c.Cfg, c.EndpointsV3(), opts...)
+	etcdctl, err := NewEtcdctl(c.Cfg.Client, c.EndpointsV3(), opts...)
 	return e2eClient{etcdctl}, err
 }
 
@@ -190,7 +190,7 @@ type e2eMember struct {
 }
 
 func (m e2eMember) Client() intf.Client {
-	etcdctl, err := NewEtcdctl(m.Cfg, m.EndpointsV3())
+	etcdctl, err := NewEtcdctl(m.Cfg.Client, m.EndpointsV3())
 	if err != nil {
 		panic(err)
 	}
diff --git a/tests/framework/e2e/etcd_process.go b/tests/framework/e2e/etcd_process.go
index 90fce32953a..070a77c4d55 100644
--- a/tests/framework/e2e/etcd_process.go
+++ b/tests/framework/e2e/etcd_process.go
@@ -28,6 +28,7 @@ import (
 
 	"go.etcd.io/etcd/client/pkg/v3/fileutil"
 	"go.etcd.io/etcd/pkg/v3/expect"
+	"go.etcd.io/etcd/tests/v3/framework/config"
 )
 
 var (
@@ -39,6 +40,7 @@ type EtcdProcess interface {
 	EndpointsV2() []string
 	EndpointsV3() []string
 	EndpointsMetrics() []string
+	Client(opts ...config.ClientOption) *EtcdctlV3
 
 	Wait() error
 	Start(ctx context.Context) error
@@ -69,6 +71,7 @@ type EtcdServerProcessConfig struct {
 	TlsArgs  []string
 	EnvVars  map[string]string
 
+	Client      ClientConfig
 	DataDirPath string
 	KeepDataDir bool
 
@@ -100,6 +103,14 @@ func (ep *EtcdServerProcess) EndpointsV2() []string      { return []string{ep.cf
 func (ep *EtcdServerProcess) EndpointsV3() []string      { return ep.EndpointsV2() }
 func (ep *EtcdServerProcess) EndpointsMetrics() []string { return []string{ep.cfg.Murl} }
 
+func (epc *EtcdServerProcess) Client(opts ...config.ClientOption) *EtcdctlV3 {
+	etcdctl, err := NewEtcdctl(epc.Config().Client, epc.EndpointsV3(), opts...)
+	if err != nil {
+		panic(err)
+	}
+	return etcdctl
+}
+
 func (ep *EtcdServerProcess) Start(ctx context.Context) error {
 	ep.donec = make(chan struct{})
 	if ep.proc != nil {
diff --git a/tests/framework/e2e/etcdctl.go b/tests/framework/e2e/etcdctl.go
index 7addd9e2327..f3e0f8112ee 100644
--- a/tests/framework/e2e/etcdctl.go
+++ b/tests/framework/e2e/etcdctl.go
@@ -32,12 +32,12 @@ import (
 )
 
 type EtcdctlV3 struct {
-	cfg        *EtcdProcessClusterConfig
+	cfg        ClientConfig
 	endpoints  []string
 	authConfig clientv3.AuthConfig
 }
 
-func NewEtcdctl(cfg *EtcdProcessClusterConfig, endpoints []string, opts ...config.ClientOption) (*EtcdctlV3, error) {
+func NewEtcdctl(cfg ClientConfig, endpoints []string, opts ...config.ClientOption) (*EtcdctlV3, error) {
 	ctl := &EtcdctlV3{
 		cfg:       cfg,
 		endpoints: endpoints,
@@ -308,11 +308,11 @@ func (ctl *EtcdctlV3) cmdArgs(args ...string) []string {
 
 func (ctl *EtcdctlV3) flags() map[string]string {
 	fmap := make(map[string]string)
-	if ctl.cfg.ClientTLS == ClientTLS {
-		if ctl.cfg.IsClientAutoTLS {
+	if ctl.cfg.ConnectionType == ClientTLS {
+		if ctl.cfg.AutoTLS {
 			fmap["insecure-transport"] = "false"
 			fmap["insecure-skip-tls-verify"] = "true"
-		} else if ctl.cfg.IsClientCRL {
+		} else if ctl.cfg.RevokeCerts {
 			fmap["cacert"] = CaPath
 			fmap["cert"] = RevokedCertPath
 			fmap["key"] = RevokedPrivateKeyPath