diff --git a/conf.yaml b/conf.yaml
index bdea289..d989266 100644
--- a/conf.yaml
+++ b/conf.yaml
@@ -8,3 +8,4 @@ user: bel
 pass: bel
 rate: 1
 burst: 2
+timeout: 10
diff --git a/server/server.go b/server/server.go
index 0ea0ee4..249cf2f 100644
--- a/server/server.go
+++ b/server/server.go
@@ -2,6 +2,7 @@ package server

 import (
 "context"
+ "crypto/tls"
 "encoding/base64"
 "errors"
 "local/rproxy3/config"
@@ -60,10 +61,28 @@ func (s *Server) Run() error {
 log.Printf("Listening for %v on %v...\n", scheme, s.addr)
 switch scheme {
 case schemeHTTP:
+ log.Printf("Serve http")
 return http.ListenAndServe(s.addr, s)
 case schemeHTTPS:
+ log.Printf("Serve https")
 c, k, _ := config.GetSSL()
- return http.ListenAndServeTLS(s.addr, c, k, s)
+ httpsServer := &http.Server{
+ Addr: s.addr,
+ Handler: s,
+ TLSConfig: &tls.Config{
+ MinVersion: tls.VersionTLS12,
+ CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
+ PreferServerCipherSuites: true,
+ CipherSuites: []uint16{
+ tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
+ tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+ },
+ },
+ TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0),
+ }
+ return httpsServer.ListenAndServeTLS(c, k)
 }
 return errors.New("did not load server")
 }
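Review bot: The `CipherSuites` list in the new `tls.Config` still offers the two `TLS_RSA_WITH_AES_256_*` suites, which use static RSA key exchange and so provide no forward secrecy, alongside two CBC-SHA suites, and it has no ECDSA entry, so a TLS 1.2 handshake would fail if `config.GetSSL()` ever supplies an ECDSA certificate. I would restrict the list to ECDHE AEAD suites as in the block below and drop `PreferServerCipherSuites`, which crypto/tls has ignored since Go 1.17. The empty, non-nil `TLSNextProto` map switches HTTP/2 off without saying so; if that is intended it deserves a comment, and the `, 0` size argument can go. The new `http.Server` also sets no `ReadHeaderTimeout` or `IdleTimeout`, so the `timeout: 10` key added to conf.yaml is not applied anywhere visible in this diff, and the error from `config.GetSSL()` is still discarded on the context line above. `Run` begins above the hunk, so how `scheme` is derived is not visible here.

```go
		TLSConfig: &tls.Config{
			MinVersion: tls.VersionTLS12,
			// … unchanged: CurvePreferences …
			// Forward-secret AEAD suites only; covers RSA and ECDSA certificates.
			CipherSuites: []uint16{
				tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
				tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
				tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
				tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			},
		},
		// A non-nil, empty map disables HTTP/2 on this server.
		TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler)),
```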