diff --git a/app.go b/app.go
index 0d473a6f..ba2fce74 100644
--- a/app.go
+++ b/app.go
@@ -25,7 +25,7 @@ var VersionString = "undefined"
 var httpServer *http.Server
 var httpsServer struct {
 server *http.Server
- cond *sync.Cond // reacts to config.TLS.PortHTTPS, CertificateChain and PrivateKey
+ cond *sync.Cond // reacts to config.TLS.Enabled, PortHTTPS, CertificateChain and PrivateKey
 sync.Mutex // protects config.TLS
 }
@@ -173,7 +173,7 @@ func run(args options) {
 for { // this is an endless loop
 httpsServer.cond.L.Lock() // this mechanism doesn't let us through until all conditions are ment
- for config.TLS.PortHTTPS == 0 || config.TLS.PrivateKey == "" || config.TLS.CertificateChain == "" { // sleep until neccessary data is supplied
+ for config.TLS.Enabled == false || config.TLS.PortHTTPS == 0 || config.TLS.PrivateKey == "" || config.TLS.CertificateChain == "" { // sleep until neccessary data is supplied
 httpsServer.cond.Wait()
 }
 address := net.JoinHostPort(config.BindHost, strconv.Itoa(config.TLS.PortHTTPS))
diff --git a/config.go b/config.go
index 799fbc12..a003d593 100644
--- a/config.go
+++ b/config.go
@@ -62,6 +62,7 @@ type dnsConfig struct {
 var defaultDNS = []string{"tls://1.1.1.1", "tls://1.0.0.1"}
 type tlsConfigSettings struct {
+ Enabled bool `yaml:"enaled" json:"enabled"`
 ServerName string `yaml:"server_name" json:"server_name,omitempty"`
 ForceHTTPS bool `yaml:"force_https" json:"force_https,omitempty"`
 PortHTTPS int `yaml:"port_https" json:"port_https,omitempty"`
diff --git a/dns.go b/dns.go
index 4a5102d5..adb0d896 100644
--- a/dns.go
+++ b/dns.go
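Review bot: The new `config.TLS.Enabled == false` term in the wait loop of `run` only holds back the start of the HTTPS listener; nothing in this hunk stops a listener that is already serving when `Enabled` is later switched off. Whatever code flips the flag needs to shut down `httpsServer.server` and signal `httpsServer.cond`, otherwise the admin interface may keep answering on the TLS port after an operator has disabled it; that code is not in this hunk, so this should be confirmed there. As a style point the comparison reads better as `!config.TLS.Enabled`. The body of `run` starts and ends outside the hunk.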
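Review bot: The YAML tag on the new `Enabled` field of `tlsConfigSettings` is misspelled as `yaml:"enaled"`, so the setting is written to and read from the config file under the key `enaled` while the JSON API uses `enabled`. An operator who adds `enabled: true` by hand would most likely have the key ignored and the field left at its zero value, which the other hunks of this commit treat as TLS off (no HTTPS listener in app.go, no DNS-over-TLS listener in dns.go). The tag should read `yaml:"enabled"`. Existing configuration files that already carry a certificate and ports but no such key would presumably also come up with TLS disabled after the upgrade, so a config migration or a startup log line is worth considering; the upgrade path is not visible in this diff.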
@@ -51,9 +51,11 @@ func generateServerConfig() dnsforward.ServerConfig {
 Filters: filters,
 }
- newconfig.TLSConfig = config.TLS.TLSConfig
- if config.TLS.PortDNSOverTLS != 0 {
- newconfig.TLSListenAddr = &net.TCPAddr{IP: net.ParseIP(config.DNS.BindHost), Port: config.TLS.PortDNSOverTLS}
+ if config.TLS.Enabled {
+ newconfig.TLSConfig = config.TLS.TLSConfig
+ if config.TLS.PortDNSOverTLS != 0 {
+ newconfig.TLSListenAddr = &net.TCPAddr{IP: net.ParseIP(config.DNS.BindHost), Port: config.TLS.PortDNSOverTLS}
+ }
 }
 for _, u := range config.DNS.UpstreamDNS {
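Review bot: In the re-indented `TLSListenAddr` assignment the result of `net.ParseIP(config.DNS.BindHost)` is used without a nil check. `net.ParseIP` returns nil for anything that is not a literal IP address, and a `net.TCPAddr` with a nil IP is normally treated by the net package as all local addresses, so a mistyped or hostname-valued bind host could expose the DNS-over-TLS port on every interface instead of the intended one. Parse once and reject the nil case, for example `ip := net.ParseIP(config.DNS.BindHost)` and then `if ip != nil && config.TLS.PortDNSOverTLS != 0 {` around the assignment, logging an error otherwise. `generateServerConfig` continues outside the hunk, and how dnsforward consumes the address is not visible here.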