You can enable TLS support by specifying PEM-encoded X.509 certificate
and private key files. Go's TLS implementation supports TLS 1.3, HTTP/2
negotiation, Keep-Alives, modern ciphersuites and ECC.

For example generate some self-signed certificate using GnuTLS toolset:

    $ certtool --generate-privkey --ecc --outfile prv.pem
    $ cert_template=$(mktemp)
    $ echo cn=gocheese.host > $cert_template
    $ certtool \
        --generate-self-signed \
        --load-privkey=prv.pem \
        --template $cert_template \
        --outfile=cert.pem
    $ rm $cert_template
    $ gocheese -tls-cert cert.pem -tls-key prv.pem [...]