diff --git a/.gitignore b/.gitignore
index 3b0bccf..4526a6e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,5 @@
 # Project binary
 poseidon
+# TLS certificate/key
+*.crt
+*.key
diff --git a/config/config.go b/config/config.go
index b3e1521..90e22f9 100644
--- a/config/config.go
+++ b/config/config.go
@@ -1,6 +1,7 @@
 package config
 
 import (
+ "crypto/tls"
 "flag"
 "fmt"
 "gitlab.hpi.de/codeocean/codemoon/poseidon/logging"
@@ -14,8 +15,11 @@ import (
 var (
 Config = &configuration{
 Server: server{
- Address: "127.0.0.1",
- Port: 3000,
+ Address: "127.0.0.1",
+ Port: 3000,
+ TLS: false,
+ CertFile: "",
+ KeyFile: "",
 },
 Nomad: nomad{
 Address: "",
@@ -26,12 +30,20 @@ var (
 Level: "INFO",
 },
 }
- log = logging.GetLogger("config")
+ log = logging.GetLogger("config")
+ TLSConfig = &tls.Config{
+ MinVersion: tls.VersionTLS13,
+ CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
+ PreferServerCipherSuites: true,
+ }
 )
 
 type server struct {
- Address string
- Port int
+ Address string
+ Port int
+ TLS bool
+ CertFile string
+ KeyFile string
 }
 
 type nomad struct {
diff --git a/configuration.yaml.example b/configuration.yaml.example
index c340be0..0b21cd4 100644
--- a/configuration.yaml.example
+++ b/configuration.yaml.example
@@ -1,6 +1,9 @@
 server:
 address: 127.0.0.1
 port: 3000
+ tls: false
+ certfile: ./poseidon.crt
+ keyfile: ./poseidon.key
 nomad:
 address: http://127.0.0.1:4646
 token: SECRET
diff --git a/main.go b/main.go
index 63e8bde..b0813ca 100644
--- a/main.go
+++ b/main.go
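Review bot: In config/config.go (third hunk), `PreferServerCipherSuites: true` in the new `TLSConfig` literal has no effect on current Go releases, where crypto/tls ignores the field and marks it deprecated, so it reads as a hardening setting without being one; I would drop that line. `CurvePreferences` leaves out `tls.X25519` and lists `tls.CurveP521` first, which can cost an extra HelloRetryRequest round trip for clients that send only an X25519 key share; if the NIST-only choice is deliberate, record the reason in a comment such as `// NIST curves only; X25519 intentionally excluded because <reason>`. `TLSConfig` is also an exported, mutable package variable with no doc comment; `// TLSConfig holds the TLS settings applied to the HTTP server when Server.TLS is true.` would cover it. The `var (` block begins outside this hunk.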
@@ -28,7 +28,18 @@ func main() {
 
 log.WithField("address", server.Addr).Info("Starting server")
 go func() {
- if err := server.ListenAndServe(); err != nil {
+ var err error
+ if config.Config.Server.TLS {
+ server.TLSConfig = config.TLSConfig
+ log.
+ WithField("CertFile", config.Config.Server.CertFile).
+ WithField("KeyFile", config.Config.Server.KeyFile).
+ Debug("Using TLS")
+ err = server.ListenAndServeTLS(config.Config.Server.CertFile, config.Config.Server.KeyFile)
+ } else {
+ err = server.ListenAndServe()
+ }
+ if err != nil {
 if err == http.ErrServerClosed {
 log.WithError(err).Info("Server closed")
 } else {
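Review bot: Which mode the listener runs in is not visible at the default log level: the TLS branch announces itself only through `Debug("Using TLS")`, and the `else` branch starts plain HTTP with no message at all. Because `Server.TLS` defaults to `false` in config/config.go, a missing or mistyped `tls:` key silently yields an unencrypted listener; adding the flag to the existing line, `log.WithField("address", server.Addr).WithField("tls", config.Config.Server.TLS).Info("Starting server")`, would make that visible. Empty `CertFile`/`KeyFile` values are only caught when `ListenAndServeTLS` fails inside the goroutine, and that error is handled in the `else` branch that continues outside this hunk, so whether it stops the process cannot be seen here. Checking that both paths are non-empty before the goroutine starts would fail fast with a clearer message.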