diff --git a/data/common.yaml b/data/common.yaml
index 38edb15..7a8f692 100644
--- a/data/common.yaml
+++ b/data/common.yaml
@@ -1,16 +1,18 @@
 ---
 hitch::package_name: "hitch"
 hitch::service_name: "hitch"
 hitch::config_root: "/etc/hitch"
 hitch::config_file: "/etc/hitch/hitch.conf"
 hitch::dhparams_file: "/etc/hitch/dhparams.pem"
 hitch::dhparams_content: :undef
 hitch::purge_config_root: false
 hitch::file_owner: "root"
 hitch::frontend: "[*]:443"
 hitch::backend: "[::1]:80"
 hitch::write_proxy_v2: "off"
 hitch::ciphers: "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
 hitch::prefer_server_ciphers: "on"
+hitch::tls_protos: :undef
+hitch::alpn_protos: :undef
 hitch::domains: {}
 hitch::manage_repo: false
diff --git a/manifests/config.pp b/manifests/config.pp
index a917351..c766d4e 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -1,63 +1,65 @@ # == Class hitch::config # # This class is called from hitch for service config. # # @api private class hitch::config ( Stdlib::Absolutepath $config_root, Stdlib::Absolutepath $config_file, Stdlib::Absolutepath $dhparams_file, Boolean $purge_config_root, String $file_owner, String $user, String $group, Optional[String] $dhparams_content, Enum['on','off'] $write_proxy_v2, String $frontend, String $backend, String $ciphers, + Optional[String] $tls_protos, + Optional[String] $alpn_protos, ) { file { $config_root: ensure => directory, recurse => true, purge => $purge_config_root, owner => $file_owner, group => $group, mode => '0750', } concat { $config_file: ensure => present, } if $dhparams_content { file { $dhparams_file: ensure => present, owner => $file_owner, group => $group, mode => '0640', content => $dhparams_content, } } else { exec { "${title} generate dhparams": path => '/usr/local/bin:/usr/bin:/bin', command => "openssl dhparam -out ${dhparams_file} 2048", creates => $dhparams_file, } -> file { $dhparams_file: ensure => present, owner => $file_owner, group => $group, mode => '0640', } } concat::fragment { "${title} config": content => template('hitch/hitch.conf.erb'), target => $config_file, } } diff --git a/manifests/init.pp b/manifests/init.pp index 9b5cb56..e644aee 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
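Review bot: Both new parameters are typed `Optional[String]`, which accepts an empty string and any character, yet the template interpolates the value verbatim inside double quotes (`tls-protos = "<%= @tls_protos %>"`), so a value containing `"` or a newline would likely yield a malformed hitch.conf and an empty string would emit `tls-protos = ""`. Tightening the declarations to `Optional[String[1]] $tls_protos,` and `Optional[String[1]] $alpn_protos,` rejects the empty case at catalog compile time; a `Pattern[...]` type limited to the protocol tokens hitch accepts would be stricter still, if that set is pinned down for the packaged hitch version. The same `Optional[String]` declarations are repeated in the manifests/init.pp hunk and should change together.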
@@ -1,92 +1,96 @@ # Class: hitch # =========================== # # Full description of class hitch here. # # Parameters # ---------- # # @param package_name [String] # Package name for installing hitch. # # @param service_name [String] # Service name for the hitch service. # # @param user [String] # User running the service. # # @param group [String] # Group running the service. # # @param file_owner [String] # User owning the configuration files. Defaults to "root". # # @param dhparams_file [Stdlib::Absolutepath] # Path to file for Diffie-Hellman parameters, which are shared # by all domains. # # @param dhparams_content [Optional[String]] # Content for the DH parameter file. If unset, DH parameters will # be generated on the node, which may take a long time. # # @param config_root [Stdlib::Absolutepath] # Configuration root directory. Default: /etc/hitch/ # # @param purge_config_root [Boolean] # If true, will delete all unmanaged files from the config_root. # Defaults to false. # # @param frontend[String] # The listening frontend for hitch. # # @param manage_repo [Boolean] # If true, install the EPEL repository on RedHat OS family. 
# class hitch ( String $package_name, String $service_name, String $user, String $group, String $file_owner, Stdlib::Absolutepath $config_file, Stdlib::Absolutepath $dhparams_file, Stdlib::Absolutepath $config_root, Boolean $purge_config_root, String $frontend, String $backend, Enum['on', 'off'] $write_proxy_v2, String $ciphers, + Optional[String] $tls_protos, + Optional[String] $alpn_protos, Optional[Hash] $domains, Optional[String] $dhparams_content, Boolean $manage_repo, ) { class { '::hitch::install': package => $package_name, manage_repo => $manage_repo, } -> class { '::hitch::config': config_root => $config_root, config_file => $config_file, dhparams_file => $dhparams_file, dhparams_content => $dhparams_content, purge_config_root => $purge_config_root, file_owner => $file_owner, user => $user, group => $group, frontend => $frontend, backend => $backend, write_proxy_v2 => $write_proxy_v2, ciphers => $ciphers, + tls_protos => $tls_protos, + alpn_protos => $alpn_protos, } ~> class { '::hitch::service': service_name => $service_name, } -> Class['::hitch'] $domains.each |$domain_title, $domain_params| { hitch::domain { $domain_title: * => $domain_params, } } } diff --git a/manifests/params.pp b/manifests/params.pp new file mode 100644 index 0000000..0248e43 --- /dev/null +++ b/manifests/params.pp 
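Review bot: The new `$tls_protos` and `$alpn_protos` parameters get no entry in the class's `@param` documentation block, although every other parameter is described there in the `# @param name [Type]` form. Suggested entry next to the existing ones: `# @param tls_protos [Optional[String]]` followed by `#   TLS protocol versions hitch may negotiate; when unset no tls-protos line is written to hitch.conf.`, plus a parallel entry for `alpn_protos` describing the ALPN protocols advertised to clients and the same unset behaviour. That "no line is written when unset" behaviour is taken from the template hunk in this diff; what hitch then negotiates by default depends on the hitch build and is not visible here, so the docs should either state the operator-verified default or say it is hitch's compiled-in default.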
@@ -0,0 +1,42 @@
+# == Class hitch::params
+#
+# This class is meant to be called from hitch.
+# It sets variables according to platform.
+#
+class hitch::params {
+
+ $config_root = '/etc/hitch'
+ $config_file = '/etc/hitch/hitch.conf'
+ $dhparams_file = '/etc/hitch/dhparams.pem'
+ $dhparams_content = undef
+ $purge_config_root = false
+ $file_owner = 'root'
+
+ $frontend = '[*]:443'
+ $backend = '[::1]:80'
+ $write_proxy_v2 = 'off'
+ $ciphers = 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'
+ $prefer_server_ciphers = 'on'
+ $domains = {}
+
+ $tls_protos = undef
+ $alpn_protos = undef
+
+ case $::osfamily {
+ 'Debian': {
+ $package_name = 'hitch'
+ $service_name = 'hitch'
+ $user = '_hitch'
+ $group = '_hitch'
+ }
+ 'RedHat', 'Amazon': {
+ $package_name = 'hitch'
+ $service_name = 'hitch'
+ $user = 'hitch'
+ $group = 'hitch'
+ }
+ default: {
+ fail("${::operatingsystem} not supported")
+ }
+ }
+}
diff --git a/templates/hitch.conf.erb b/templates/hitch.conf.erb
index 094ffd7..6d94714 100644
--- a/templates/hitch.conf.erb
+++ b/templates/hitch.conf.erb
@@ -1,15 +1,23 @@
 # Configuration for hitch user = "<%= @user %>" group = "<%= @group %>" frontend = "<%= @frontend %>" backend = "<%= @backend %>" <% if @write_proxy_v2 == "on" -%> # use the PROXY v2 protocol to communicate with backend write-proxy-v2 = "<%= @write_proxy_v2 %>" <% end -%> # Define a cipher list for communication ciphers = "<%= @ciphers %>" prefer-server-ciphers = on
+
+<% if @tls_protos -%>
+tls-protos = "<%= @tls_protos %>"
+<% end -%>
+<% if @alpn_protos -%>
+alpn-protos = "<%= @alpn_protos %>"
+<% end -%>
+
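Review bot: The new `hitch::params` class restates every default that data/common.yaml already declares (same paths, cipher string, `$tls_protos = undef`, `$alpn_protos = undef`), and nothing else in this diff references it — `class hitch` in manifests/init.pp neither inherits from it nor reads its variables, so as committed it is dead code. Two sources of truth for the same defaults will drift; this very change had to add `tls_protos` and `alpn_protos` in both places. Either drop the file or have init.pp consume it (presumably `class hitch ( ... ) inherits hitch::params {` with parameter defaults taken from `$hitch::params::...`), but not both. If it is kept, `$::osfamily` and `$::operatingsystem` are the legacy top-scope fact names; `$facts['os']['family']` and `$facts['os']['name']` are the structured equivalents and avoid the top-scope lookup.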
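Review bot: `<% if @tls_protos -%>` (and the matching `@alpn_protos` guard) is a plain Ruby truthiness test, so an empty string passes it and the template writes `tls-protos = ""`, which hitch would presumably parse as an explicit empty value rather than as "unset". Guard on content instead: `<% if @tls_protos && !@tls_protos.empty? -%>` and `<% if @alpn_protos && !@alpn_protos.empty? -%>`. A short comment above the new block would also help operators reading the rendered file: `# TLS versions / ALPN protocols are only pinned when set; otherwise hitch's built-in defaults apply`. How hitch treats an empty tls-protos, and what its built-in protocol list is, are not visible here and should be confirmed against the packaged version.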