# Configuring Hush for secure peer-to-peer connections
## Connection settings:
### Default (Mixed TLS + regular connections):
This option is on by default and enables only minimal privacy since a large portion of peer-to-peer connections will likely still be regular connections. No additional actions are required to enable this option.
### Basic Privacy and Security (Forced TLS connections + no certificate verification):
This option enables basic privacy since all peer-to-peer connections are forced over TLS; however, certificates for peers are not validated.
To enable this option, turn on the following flag in your `hush.conf` file:

This option enables the highest privacy + security by forcing TLS connections and validating peer certificates.
To enable this option, turn on the following two flags in your `hush.conf` file:
1. `tlsforce=1`
2. `tlsvalidate=1`
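
To check which of the connection settings above a given `hush.conf` selects, the following added example (not code from the Hush project) parses the file text and classifies it. The function names and parsing rules (`#` comments, a flag counting as on only when every occurrence is `1`) are assumptions, as is the reading that `tlsforce=1` on its own gives forced TLS without certificate validation.

```python
# Added example: classify a hush.conf into the connection settings described
# in this guide. Parsing rules are assumptions, not documented Hush behaviour.

MIXED = "default: mixed TLS + regular connections"
FORCED = "basic: forced TLS, peer certificates not validated"
VALIDATED = "highest: forced TLS, peer certificates validated"
UNDESCRIBED = "tlsvalidate=1 without tlsforce=1: not described in this guide"


def read_flags(conf_text):
    """Collect every value given for each key in key=value lines."""
    flags = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        flags.setdefault(key.strip(), []).append(value.strip())
    return flags


def is_on(flags, key):
    # Conservative assumption: a flag is on only if it is present and every
    # occurrence is exactly "1"; a conflicting duplicate counts as off.
    values = flags.get(key, [])
    return bool(values) and all(v == "1" for v in values)


def connection_setting(conf_text):
    """Return which connection setting the config text selects."""
    flags = read_flags(conf_text)
    force = is_on(flags, "tlsforce")
    validate = is_on(flags, "tlsvalidate")
    if force and validate:
        return VALIDATED
    if force:
        return FORCED
    if validate:
        return UNDESCRIBED  # combination the guide does not cover
    return MIXED


# Constructed sample config, not taken from a real node.
SAMPLE_CONF = """\
# p2p TLS settings
tlsforce=1
tlsvalidate=1   # require valid peer certificates
"""

if __name__ == "__main__":
    print(connection_setting(SAMPLE_CONF))
```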
## Standing up your own "secure" node with a valid certificate:
This guide requires having your own domain. You can still use all of the above connection options without setting up your own secure node; however, peers using the `tlsvalidate=1` flag will not connect to your node.
1. Create an A record pointing to the IP address of your node on the DNS control panel for your domain. You can set the `host` entry to anything you like such as `hnode`. This A record should then be reachable as `host.mydomain.com` (we will refer to this as your `FQDN` from now on).
2. Ensure your domain name has propagated and matches the public IP address of your node by pinging your `FQDN`:
   * `ping FQDN`
3. Install the acme script to create a certificate: