diff --git a/gax-java/gax/src/main/java/com/google/api/gax/rpc/EndpointContext.java b/gax-java/gax/src/main/java/com/google/api/gax/rpc/EndpointContext.java
index 0148c07a01..a263561381 100644
--- a/gax-java/gax/src/main/java/com/google/api/gax/rpc/EndpointContext.java
+++ b/gax-java/gax/src/main/java/com/google/api/gax/rpc/EndpointContext.java
@@ -332,6 +332,10 @@ boolean shouldUseS2A() {
         return false;
       }
 
+      if (Strings.isNullOrEmpty(mtlsEndpoint())) {
+        return false;
+      }
+
       // mTLS via S2A is not supported in any universe other than googleapis.com.
       return mtlsEndpoint().contains(Credentials.GOOGLE_DEFAULT_UNIVERSE);
     }
diff --git a/gax-java/gax/src/test/java/com/google/api/gax/rpc/EndpointContextTest.java b/gax-java/gax/src/test/java/com/google/api/gax/rpc/EndpointContextTest.java
index 5561427dde..79be69d386 100644
--- a/gax-java/gax/src/test/java/com/google/api/gax/rpc/EndpointContextTest.java
+++ b/gax-java/gax/src/test/java/com/google/api/gax/rpc/EndpointContextTest.java
@@ -508,6 +508,20 @@ void shouldUseS2A_customEndpointSetViaTransportChannelProvider_returnsFalse() th
     Truth.assertThat(defaultEndpointContextBuilder.shouldUseS2A()).isFalse();
   }
 
+  @Test
+  void shouldUseS2A_mtlsEndpointNull_returnsFalse() throws IOException {
+    EnvironmentProvider envProvider = Mockito.mock(EnvironmentProvider.class);
+    Mockito.when(envProvider.getenv(EndpointContext.S2A_ENV_ENABLE_USE_S2A)).thenReturn("true");
+    defaultEndpointContextBuilder =
+        defaultEndpointContextBuilder
+            .setEnvProvider(envProvider)
+            .setClientSettingsEndpoint("")
+            .setTransportChannelProviderEndpoint("")
+            .setUsingGDCH(false)
+            .setMtlsEndpoint(null);
+    Truth.assertThat(defaultEndpointContextBuilder.shouldUseS2A()).isFalse();
+  }
+
   @Test
   void shouldUseS2A_mtlsEndpointEmpty_returnsFalse() throws IOException {
     EnvironmentProvider envProvider = Mockito.mock(EnvironmentProvider.class);