diff --git a/auto/gui.files.go b/auto/gui.files.go
index a982578ba..1217af057 100644
--- a/auto/gui.files.go
+++ b/auto/gui.files.go
@@ -18,7 +18,7 @@ func init() {
 	bs, _ = ioutil.ReadAll(gr)
 	Assets["angular.min.js"] = bs
 
-	bs, _ = hex.DecodeString("1f8b080000096e8800ffd43c5d73dbb6b2eff915a89a965422534eeebd9d3b56944eeba41d9f3489276ef2e2fa811221893105aa24185be3eabf9f5d00240102a4683b6953cf9c131b58ec2e7617fb05b0e3471ff324669cccb2f42aa7d911e1594147649e321eb382967f6f9222c7ffc9bfc9a3f183f1a36592cec2843c3c228b30c9012864cb220933f537023df00af825e7593ce7dee4c1834f6146f22d9bf355cc96645aae08d6695424d4f7aa396f44ce2f8613b1a0c892590868a6c4cb682ef0547001329aa5494233df3b2b478f7996008645017fc72923fec37c9e6e80c3872bce374372f380c00fe2de64f4d38b9023f2c34935baa4fced2b18c2bdd6a3483cccb8e45c6c1138c149891d59615410cc01e06637694c2ee2a53dbede9ebcc09d79c6284b238a48ce2f1c484e186ed4604fcdd32c4b33c7ba9c52f612e76c4a20799ad86c65749396bb10e3e331390335b2654e6674916694ccd234c94992a69730c239cd4c8a9c0b60e0458cdfc4d111f17e8b734e192002edc00ee7602b426be4344b793a4f132221c84f5104e2ce690e807cbb013bf438bde6f097d28234c4dd4843fe3abc3ea32c7a35dbe41afab7055fa6a8b377a8e6dfe275cc89ff2afe799c0f6bdcac58cf68d689fd1de00bd909838d7e0a93338d829c21e514f16f8d59598e1bb99abc3bfed3300be18024efe89f0500e9c20191111010ac649190510dd21f3f20395ec149a60dc923f25fe28412392b15d05ff41a855f85a7f989b1972c9c2534d288c8290273299c765ae345f3ec64fbb774de8253ccdc05e5198eff2c3da96ee1384cea711d9db1fefd293bb5d991230427dd8b2f4c3fb42ce233f7f153a74a17dffb93fb1cb9f7e64611db4f055f51081ef350b8def7c696f7223c0df3fc2acda26ea41a9442bca9475cc84b095511013cfc59319f531ad1c82f0302fec40be27f23fcbf3eaa49376631f7871373caf7be6594030397c2cd7a43f4ab61e27bab38a25e03da8e2ef8b33358a863cd2dd9a8177633e10a66262b3b5b64bf84709c6d79b5339b515e64ac6d936e31b7c9f26616ce2fa32cdd80ba811e180328fb926e676998452ae7d8b588ba6b8355c45bc03e56085ca50d3a6f22750800a15fe6238f8937ceb77076d6c0638ed694e77ebd380a79d8dc9c697613976225466003d76b2c0f6574f7dddc29e4a582f475f5ef6f671f21900420b3dcd7e3fc308080fe329caf34e4716429c62900913ffc8868a61e0c50368781f7ef4e8ed3f52665706611535ff168621078cfe3e8c292447357faef6e1eb5c4acb7a630e163e91550c7f41012b22b7f3832207804933ec21c5469e4908cc993c3c34313328e94fb297fb4ac13d63bcd2066104cebacb4319b16bc9a36e64191a83b1233d22660e1e170325885f9db2b06a9d786667c2b14e580c79fb21c9858b33b6b8467db162c4814555a6dee75c857c13abcf60f47e4ffc923a9090171c27ede729aff9e7288c4078e0cdb8242d1f36868736850ae04d74e1af2a13eb40db056e23b02216bbe223e6d13ad2594c3be5b7000dada30cce9f1b441cec6601a98be400e35cea1cb38cd3aa8e9c6f61d5659c3f43ea7cdcac74d6e3779d0ac6e2029e3456eb87b1c6ec636cc2fd285e995100efcd2148aa98245741133c8d7dca10f52247609679c797af43128d8a8413790e7c329fe0649b4623ee3e96603949d9845a5cda58ff1d0333bc888f97a75092efe3d3fbc0878fa1e0864c7a01a08368fe504e8650605bdff643831f7a1964fc9002b3a480606e4afbf483d7a122574d0dc8b9c06331b107f507389f5fd29cde6103fc225558a794c06df0d07cedd2a91681b6a06f74d7a9c408ef8e5f51db345fa05941d6109957d365d1b0af362504d2b65750ebdb62cae46934bbdb762da64f13accb64e4c0ef1992a344de28beb11a278db861dd295ad30110f04fec37e580d0d6ea0c69f22044423a799e0b19224c62e008d874953ac22da2d9214f24720e3768ad8737238451c3e5e18993d728b4e1ee01cc1512d08dec0bf272f2e4c9b43c0a66ccaf10073c6840ab2284410852b68969672c2084ac46b442442b1f7d8be4c3927e2e34169928500f4ddb089b1c3e1782fe25cedbd72c40eb19ecc714bff06a1a697b795a7aa9b6e23b435a49279bbb46c47fdd58acbf68dbd64663bc2bd32d3fda22d32ecddfccd12538c09a1a9d651975fffb143df9ac8ffb12d349c40678c6adfca07ba570dc88cc9a93034ed3aa0854d05f1896639e076f1f725c593c410783fb4d3dea36788b51112b6a4636e1777b0c68249dc7ee897218021e1546f7f20bf2559568b9248ac13a3d4c02d2abc4142d992af20dd224f5a765c25071d1b55d8204d6e358637e1dade6f9735007c0b473a480753a68acb4c1d2adc1fdc219fafe2fc8d8bd3a64e98545d6399df90b0cab92470af2c6be017b23c128bcce4be29a27df2e9239cde92a151ccb5267a4b4bd0f7be2d2fbafab62945537ae84c70c34f743f49e74560a3bd6900056f37e2fc07b2cdaf5cb5e1226ca8339e05f92689b9ef8d7067e1463b78d7dac1bb0e38c43230044765bf4973ab0f07a4401cff397bfb26c8c57562bcd8fa0627c311b959d130025773446ebce394013ffce077b02d0f441a6e802d790d30fe98a7ccdb19845d1a1960ff7bd0d60910adeb56791b6d72b361dfd66dcf57e995b75f186aa901b9e796b7c17bbe2a788467a7bb656d512ed7397b2c56814ef9eff19aa605f7cd46b90f8a7afa7f876d8dd8db6d058f9b333c34dc6589b6c832300ab5e26140afc14622ff66372a5da0cd0a92003dbdbc060377aad3003ba3c942b6771b91da08d4f67e6bc682ea3e0d0e139956beb91a0e3ea63183f3451c2680c02f8193340b1e82064e33c1b4e170d1fc4ab1ddc9f9981a08233b3eef95fc8dbe4720196d59b8069abb1ed277fb2c53fc6e98bf5f385064534ebbe5e3a268ddbc89debb5b24fbafce5c72e8972639436669d3dfd446ad9baf9ced71ba0564930fad3728ae24308990d712f2c6c9ddc51573a2d9dcc0d998e8b1cb7becb4b95b5bf27bc2ef3f11fd9ab10192894e7b2db33a70492312a58c8e483cb9ed467bd9bca2425cb2b7a02a47dbcc65c10292704efd311903c31e90ab460eca11958a58382b2fe572c3774c752a22283b5b34f21e4e5cd290983c33cfa8ac4060e2f163571f42873d8f2ff42ad1144ac7f569b9b8def1c402559c9b61b0fc996534bcecd19f90b78980a9e548cb1d6f0a4818ecd0dce2d3823ccdb85fb606c28cded5f57c0d2731e52b9a957cb625997a81dfeac77bbb71cc4d6cc7dd52fb757a881812aaa62bbf8355b3868ac0302796d9b39eed107df3ed06ead8719824dd7a287da26651b5f69a8e4519b555120fade6bbb24a0747e2d6122bae9ea6216f396ddb682b8b6980b93b796ebd03dd6b1df38486d9cbf252b53325d41f971a7c9e9b5cabbecb01797221d8da1b30c5bab1e0c47373b9c862c8fb93adad5638d43aab750e727be3155d353d7eb94d3817593efc7f1598e695a31e35db4238371c76342b004f4bbdba49fb184c0967bef371b51d3080bf83d9db955e6a455d7ae59022e32588500538cc5d572da62129133aeb019295d139d61a44cf4b077261bfadbb73398872eb596b20479fa710b3d4b1570f0ef1dfb904fbfbb78cc96ae79ee5ebfb4dfa39925583672b595554ac641557595055fa717e61cf99b6a9c533db3c2bef245bd76595646171258b6e72ac3c085349cb1d43b54dc86076230fd09162a4f99ab2195ff14796c66e7e6d15c93aae0496b2507fb5a57828f91cad3116a26e736c5f55ce2785d27d8c7b99e3e7e917281d193a707853e352e89e4af8b7d4c9f88c5ad3518f17bfeafeedb60fd4d432e70bb53d146ff9c6b87a2fe37c47ac41a84f8fc45350bb64d8c394d2d22d99aabe826a65aaed3a62cf85852ae78d9e6a6b396ae17a5367e82e78573ddadabe52c7e375b8f1dbcf502b02d55abf832ac6f840ea6efaa80ea830057d6c6f9da07f8600c942f98d52e3ae60241e45e35d81d84ec59a26523f1c9159c9a57699188a6b3df938aebe4e24df7f4f14c0cc09d0bc6355689e29f0a1ab5a3a7862956e6ad973b5accc9f35ac32620bbc564fa68157aeab31cba5cfaba5201d4d36222cb6c8260c5ec419c4d934db0ad2d55ffda9d7089eeb086c1ed09013fd93c9b5f6b560e248dc8dc26b7d9e95615eb1a18ca5bc46b7098ac0b2d629265a8ad5e826af756289cc62d6d8281e6a9b4ee401d6246a3291984c44741eaf21540199048a98c2e0258a9731cff1eba47999dfa046f0bb3cebe19f427f68945d1241f9025dbec913bf26e952fe12ce04e9213e2aaf669e1c96f522526e3c60071ea1ae9698cdad493677fa17b3aa7be0b1102042f33bd9927bb55afb1c846d0a3e22e2a5aa638b623ae0e92ff1358dfc4a80c6aada8108276033348b193e8aeacf4ff3908b41a186ca11b43d453d24adef592596e7e0b29efe2f79a4ff63e5df02723c75804e5c54bba5f474884f9c3df26b7c1bd6faf0740f665ef763a6938b7b907fe526afbf6acd525076690fb8c6db67676b8adfa37f4576269efc6aff7448b3097a1f3bbb0d677d58ba8f99f5e2a593897b50bffc024696af20e4dcd1c60ce69d4f955a8886c955b8cddf945f547f79fb76be91d7d9dfc7f17c55b0cb93179f995917ab03ed7199786e1f66220c4b298be77cfe38b87932fa61375e364b7001bc17ad1a12c0aa1239a83ad79d86720a46f68fcb40de828ecfff18fff1c7c5d82902fca2476e4f75f39f4dc9ffb4d886a67fa77d0c822018e3373f12610e053bf575e4074f87528a83f1a04d8a91485ce34fd4f7525110cace65972cf57326ffcb2447c43bf646dab0e8dfabfff44935ccb390e5f3a488ac1951eb1cd90fa7b04d03b8a7ea578dc44e434bd7408ee347eccfa41eb1b0990ef053f90161cb03f18dc7746096bde70a6700a9eee0f9b3b158f95c51b08f9b26a682c57f16a237a509a94b467f16b018ff430dcbd7c889b68b24669747350e218611a1c97a4442ce33c892e73c4b9ae68163c14350744eb33c2858be8a17bcaa1ffc4f31bdfa1026ee9ea5f8dea84f37acfc198fc9152570c68a24621e97a92848db092c3903c97e40a8986f1bd2129dd489b5543df7af79931db66a23171dccf195ec9d128a1bc9499864348cb677624fb4d7daf9dbcf439c1389f0b34ac71a513656c9a7d164b6aec59439ff170000ffff010000ffffb75e33cfab480000")
+	bs, _ = hex.DecodeString("1f8b080000096e8800ffd43c5b73db3697eff915a89a965422534e76b7b363c5e9b44edaf5e6e68993bcb87ea04448624c812a09dad6b8faefdf390048020448d176d2a69ef9bed8b89c3bce0d60c78f3ee749cc389966e9554eb303c2b3828ec82c653c66052dff5e27458eff937f9347e307e3478b249d8609797840e66192c3a2902d8a24ccd4dfb8e88157c02f39cfe219f7260f1e5c8619c9376cc697315b90c37247b04aa322a1be57cd792372763e9c880d45964c43007348bc8ce6024eb52e4042b3344968e67ba7e5e811cf1280302fe0ef3865c47f98cfd23550f870c9f97a486e1e10f841d8eb8c5ebe083902df9f54a30bcadfbd8221e4b51e45e461c625e58245a0042725742485518130870537db4963721e2fecf1d5e6f80572e619a32c8d2802393b77003966c8a8419e9aa75996668e7d39a5ec25ced99840f234b1c9cae83a2db910e3e331390535b2454ea6749e66944cd334c94992a61730c239cd4c8c9c8bc5408b18bf89a303e2bd8e734e190002ed008733b015a1357292a53c9da509912bc82f5104e2ce690e0bf9660d76e8717acde12fa5056988db9106fc4d787d4a59f46abace35f0ef0abe485167ef51cdafe355cc89ff2afe759c0f6bd8ac584d69d609fd3dc00bd93103462fc3e454c32067483945fc5b435696e306ae26ef0eff24cc423820c97bfa67018b74e180c808080876b248c8a85ed21f3e00395ac249a60dc923f0dfe28412392b15d05ff41a86df85a7f985b1972c9c2634d290c8290273299c765ac345f3ec24fb753a6b812966ee02f214c77f959e54b7701c26f5b80eced8fff1849dd8e4c8118293eecde7a61f5a14f1a9fbf8a953a58befe3f17d8edc47935184f64bc1971482c72c14aef7a3c1f24e8027619e5fa559d40d545ba500afeb914e6a3fbcd60f170c90fffbf0e1e49480472380a897ae4b7157e105c2c569319b511ad1c82fa30bfec473e27f2782893eaaa92a6631f7871373caf7be6794033717c2677b4374d261e27bcb38a25e63b51daaf0676b905007ae5b92516fec26c215194d52b6b6c87e0bc137d8f26a2736a3bcc8581b936e31b7c9f2661ace2ea22c5d83aa011f581628fb826ea66998452a81d9b688ba8bc12a7cce818f252eae72109d3691870400d02f939bc7c41be71b38882ba031476bca73bfde1c853c6c32679addc4a5580911c8c0fd1ac943992af86eea14f05241fabefaf777d3cf1095029059eeeb49c33080b3f4329c2d35e0716429c62900918cfc8c600e3d18a06c06031fdf1f1fa5ab75cac00120a4bee2d1c420e09ec5d1b925892657faef6e1ab52cafb7a6307b64e91560c75c13b2bb2b7f383256f008267d5cb357e5a44332264ff6f7f7cd9571a4dc4ff9a3a5b0b0df69063183c85ca7b88dd9b4e0d5b4318f4e11244e6246da042c3c1c4e06cb307f77c5208f5bd38c6f84a21cebf1a7ac2d26d6ecd61ae1d9a6050a22459556ccbd09f9325885d7fefe88fc2f79243521561cb35f379ce61f520e617dcf91ae5bab50f43c1ada141a982bc1b5a386e4aa0f6e63592bf22d81f8375b129fb689d612ca7e5f161c0b6d6d18e6f4f8b081ce86601a98be410e35cea1cb38cda2aae9c6761d565910f53ea7cd32ca8d6e3b79d02c9520c3e3456eb87b1c6ec636cc2dd2b9e995701df8a543a8cc0a16d179cc20f973873e4858d8059c71e6e9d1c7c0608306dd40d100a7f83b44d10af994a7eb3560764216653b973ec643cfec4023e6ebdde572f1efd9fe79c0d38f80203b02d540b0792c27402fd39c67fe93e1c4e4436d3f24032c0f21191890bffe22f5e87194d0419317390d663620fea0a6129b0527349b41fc08175429e63119fc301c38b95522d1186a06f7757a9440c2f9f5f51db379fa15941d613d967d315d1b0af362504d2b66750ebdb62cae06934bbdb7425a67f12acc364e480ef1992a344de2abeb11a2781bc30ee9cabe9a880702fe7e3fa88606d7330e5cc10a88464e33c16325518c5d0b341a264db18a68374f52c81f018ddb296203cbe11471f8686e64f6482d3a7958e7088e6a43f016fe3d7e716eda1c2e6ccaa61c0f30674ca8408b420451b882666929c78ca044bc464422141b99eddb9473223e1e94265a08403f0c9b103b1c8ef722ce15ef95237688f578862cfd1b849a5edc569eaa6eba8dd056904ae6edd2b21df5372b2edb37f69299ed0877ca4cf78bb6c8b011f4374b4c112684a6fa505d7efde70e7d6b22ffc758683881ce18d5ceca27ba530d488c49a93034ed6ea1854cb5e2926639c076d1f735c593c410783fb5e3dea16788b51122b6a463b28b1cacb060125729facd0a404838d5db1f486f8996d5a22412eac428359045053748285bf025a45be4490bc75572d0c1a882066972ab31bc0d5736bf5dd600eb5b28d297741065aab8ccd4a1c2fdc91df2f932cedfba286dea8449d535b6f90d09ab9c4b2eee95650dfc429647629399dc3745b44b3e7d84d35b32348ab9d6916f6909fadef7e5ad59df36a5684a0f9d096e784977a374de2a36da9bc6a2e0dd5a9cff40de1928576db8087bd529cf827c9dc4dcf746c859b8d60edeb576f0ae030eb10c0cc151d9afd3dceac3012a10c7ff9fbe7b1be4e26e329e6f7c8392e188dc2c691881ab392037de51ca801ebef7016ccb0391866b204bde298c3fe729f3b60662974606d8ff1eb4750244ebba55de469bdc6cd8b775dbf3657ae5ed1686da6aacdc7165dca03d5f163cc2b3d3ddb2b63097fb9c3d16ab40a7fc43bca269c17db351ee83a29efecf7e5b23f676ace07173868786bb2cc116590646a1763c0ce835d848e4df6c47a50bb4494114a0a797d760e04e751acb4e693297eddd46a43602b5cd6f4d58505dcec1612287956fae8683cf69cce07c118709e0e29740499a050f4103279920da70b8687ea5d8eee47c4c0d84911d9f774afe46e71150461b16ae00e7b687f4dd3ecb14bf7bcddf2f1c28b229a7ddf27161b46ede44efdd2d92dd57672e39f44b939c21b3b4e9ef6aa3d6cd57cef638dd6265930ead3728ae24308990d712f2c6c9ddc51573a2d9dc80d998e8c1e53d386d726b4b7e47f8fd27a25f33364032d169af6556072e6944a294d1118927b765b497cd2b2cc4257b6b55e5689bb92c584012cea83f266320d80374d5c85e39a252110b66e5a55c6ef88ea94e850465678b46dec3894b1a129367e6199515084c3c7eecea43e86bcfe273bd4a3485d2717d5a6eae399e584b15e566182c7fa6190d2f7af427e46d22406a39d292e3750109831d9a5b7c5a90a719f7cbd64098d1bbba9e6fe124a67c49b392ceb624532ff05bfd786f378eb989edb85b6abf4e0f114342d574e577b06ad6501118e6c4327bd6b31da233df6ea00e8ec324e9d643e913358baab5d7742ccaa8ad92786835df95553a2812b7965871f5340d79cb69db465b594c03ccddc973eb51e94eeb982534cc5e9697aa9d29a1fe52d5a0f3cca45af55df6c8937341d6ce8029f68d05259e9bca791643de9f6c6cb5c2a1d649ad7390db1bafe8aae9f1cb6dc2b9c8f2e1ffabc034ab1cf5a8d916c2b9e1b0a35901705aead575dac760ca75e63b1f57db0103f87b98bd5de9a576d4a5570e29325e82085580c3dc76d5621a9032a1b31e2059199d63af81f4ac7420e7f6dbba3b978328b79eb50652f4650a314b1d3bf5e010ff9d4bb0bf9f654c563b79964ff9d7e99748560d9aad645561b19255dc65adaad28fb3737bceb44d2d9ed9e6597927d9ba2eab240b8a2b5974a363e5413894b8dc3154634206b31b79800e1421cdd794cdf88a3fb23476d36bab48d671e562290bf5575b8a8792cfd11a6321ea36c7f64de57c5228ddc7b897397e997e81d291a1038737352e85eea9847f4b9d8ccfa8351df578f1abeedf6efb404d6d73be50db81f1966f8cabf732ce77c4da0af51d93780a6a970c3b88525aba2551d52755ad44b55d47ecb8b050e5bcd1536d2d472d586feb0cddb5de558fb6b6afd4f17813aefdf633d40a40b5d6efa08a313e90ba9b3eaa032a4c411fdb5927e89f2140b2507ef0d4b82b188947d1785720d8a948d344ea8723322da9d42e134371ad271fc7d5d789e4c71f895a30752e68deb12a30cfd4f2a1ab5ada7b62956e6adb73b5adcc9f35a832620bb8564fa60157eeab21cbadcfabad201d4d36222cb6c8260c5ec419c4d934db08d4d55ffdb1d7009eeb006c1ad09013fdfbcb95f6e961e248dc8dc26b759695615e91a18ca5bc46b7118ac0b2d231265a8ad5e826af746489cc6256d8281e6a4c27f2006b123589484c22223a8b5710aa004d02454c61d012c58b98e7f83dd2accc6f5023f8919ff5f04f81df37ca2e09a07c812edfe4895f9374217f09a702f5101f9557334ff6cb7a1131371eb0038d50574bc8266b92ccadfef9adea1e782c8415a1f9d16d49bddaad7d0ec2d6051f11f152d5c1a2980e78fa5b7c4d23bf12a0b1ab7620c209d8044d63868fa2fad3d33ce46250a8a172046d4f51f749eb7b5609e539b8aca7ff4d1ee9ff58f9b758393e742c9db8b0764be9e9109f387be4f7f836a4f5a1e91ec4bce9474c2715f740ffca8d5e7fd59aa5a0ecd21e708fb7cbce56143f6eff86ec4c3cf9d5fee9906673e97decec3694f521e93e66d68b964e22ee81fde22b1859be849073471b3388773e556a411a2657e1267f5b7e9efdf5eddbf9465e277f17c5b365c12e8e5f7c61625da40eb4c765e2b97d9889302ca52c9ef3f9e3e0e6c9e8a7ed78d12cc1c5e29d60d59058ac2a91bdaa73dd6928276064ffb80ce42de8f8ec8ff11f7f9c8f9d22c02f7a247baa9bffec90fc578b6d68fa77dac7200882317ef32301e650b0535f07bef77428a538180fdaa41889c435bea4be978a8250762ebb64a99f33f99f393920de9137d28645ff5efd7754aa619e852c9f254564cd885ae7c07e38856d1a807da87ed5506c35b07405e8387ec0fe4cea110b9bc3017e773f206cb127bef1381c9865ef99821940aa3b78fe6c2c763e5718ece3a689a960f19f85e84d6942ea92d19f056cc6ffeac3e20d52a27191c4ece2a08621c4302234598d48c8790659f28c6749d33c702c78088ace69960705cb97f19c57f5837f19d3ab4f61e2ee598aef8dfa74c3ca9ff1985c510267ac4822e671998a82b49d8b256520d94fb82ae69b86b4442775626d55cffd6bda6487ad62e4bc8338be94bd534291919c844946c3687327f2447bad9dbedd34c4399100bfa874ac116563957c1a4d66eb5a4c99f37f000000ffff010000ffffe00d9c80f8480000")
 	gr, _ = gzip.NewReader(bytes.NewBuffer(bs))
 	bs, _ = ioutil.ReadAll(gr)
 	Assets["app.js"] = bs
diff --git a/cmd/syncthing/gui.go b/cmd/syncthing/gui.go
index 355dec5e7..5bd57528f 100644
--- a/cmd/syncthing/gui.go
+++ b/cmd/syncthing/gui.go
@@ -13,6 +13,7 @@ import (
 	"sync"
 	"time"
 
+	"crypto/tls"
 	"code.google.com/p/go.crypto/bcrypt"
 	"github.com/calmh/syncthing/config"
 	"github.com/calmh/syncthing/logger"
@@ -42,9 +43,30 @@ func init() {
 }
 
 func startGUI(cfg config.GUIConfiguration, m *model.Model) error {
-	listener, err := net.Listen("tcp", cfg.Address)
-	if err != nil {
-		return err
+	var listener net.Listener
+	var err error
+	if cfg.UseTLS {
+		cert, err := loadCert(confDir, "https-")
+		if err != nil {
+			newCertificate(confDir, "https-")
+			cert, err = loadCert(confDir, "https-")
+		}
+		if err != nil {
+			return err
+		}
+		tlsCfg := &tls.Config{
+			Certificates: []tls.Certificate{cert},
+			ServerName:   "syncthing",
+		}
+		listener, err = tls.Listen("tcp", cfg.Address, tlsCfg)
+		if err != nil {
+			return err
+		}
+	} else {
+		listener, err = net.Listen("tcp", cfg.Address)
+		if err != nil {
+			return err
+		}
 	}
 
 	router := martini.NewRouter()
diff --git a/cmd/syncthing/main.go b/cmd/syncthing/main.go
index a14621f05..5f20825bb 100644
--- a/cmd/syncthing/main.go
+++ b/cmd/syncthing/main.go
@@ -144,10 +144,10 @@ func main() {
 	// Ensure that our home directory exists and that we have a certificate and key.
 
 	ensureDir(confDir, 0700)
-	cert, err := loadCert(confDir)
+	cert, err := loadCert(confDir, "")
 	if err != nil {
-		newCertificate(confDir)
-		cert, err = loadCert(confDir)
+		newCertificate(confDir, "")
+		cert, err = loadCert(confDir, "")
 		l.FatalErr(err)
 	}
 
@@ -272,13 +272,18 @@ func main() {
 				hostShow = hostOpen
 			}
 
-			l.Infof("Starting web GUI on http://%s:%d/", hostShow, addr.Port)
+			var proto = "http"
+			if cfg.GUI.UseTLS {
+				proto = "https"
+			}
+
+			l.Infof("Starting web GUI on %s://%s:%d/", proto, hostShow, addr.Port)
 			err := startGUI(cfg.GUI, m)
 			if err != nil {
 				l.Fatalln("Cannot start GUI:", err)
 			}
 			if cfg.Options.StartBrowser && len(os.Getenv("STRESTART")) == 0 {
-				openURL(fmt.Sprintf("http://%s:%d", hostOpen, addr.Port))
+				openURL(fmt.Sprintf("%s://%s:%d", proto, hostOpen, addr.Port))
 			}
 		}
 	}
diff --git a/cmd/syncthing/tls.go b/cmd/syncthing/tls.go
index 63f6c8025..fc3cb5355 100644
--- a/cmd/syncthing/tls.go
+++ b/cmd/syncthing/tls.go
@@ -22,8 +22,8 @@ const (
 	tlsName    = "syncthing"
 )
 
-func loadCert(dir string) (tls.Certificate, error) {
-	return tls.LoadX509KeyPair(filepath.Join(dir, "cert.pem"), filepath.Join(dir, "key.pem"))
+func loadCert(dir string, prefix string) (tls.Certificate, error) {
+	return tls.LoadX509KeyPair(filepath.Join(dir, prefix+"cert.pem"), filepath.Join(dir, prefix+"key.pem"))
 }
 
 func certID(bs []byte) string {
@@ -40,7 +40,7 @@ func certSeed(bs []byte) int64 {
 	return int64(binary.BigEndian.Uint64(id))
 }
 
-func newCertificate(dir string) {
+func newCertificate(dir string, prefix string) {
 	l.Infoln("Generating RSA certificate and key...")
 
 	priv, err := rsa.GenerateKey(rand.Reader, tlsRSABits)
@@ -65,13 +65,13 @@ func newCertificate(dir string) {
 	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
 	l.FatalErr(err)
 
-	certOut, err := os.Create(filepath.Join(dir, "cert.pem"))
+	certOut, err := os.Create(filepath.Join(dir, prefix+"cert.pem"))
 	l.FatalErr(err)
 	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
 	certOut.Close()
 	l.Okln("Created RSA certificate file")
 
-	keyOut, err := os.OpenFile(filepath.Join(dir, "key.pem"), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
+	keyOut, err := os.OpenFile(filepath.Join(dir, prefix+"key.pem"), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
 	l.FatalErr(err)
 	pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
 	keyOut.Close()
diff --git a/config/config.go b/config/config.go
index e5f601f74..a08491953 100644
--- a/config/config.go
+++ b/config/config.go
@@ -73,6 +73,7 @@ type GUIConfiguration struct {
 	Address  string `xml:"address" default:"127.0.0.1:8080"`
 	User     string `xml:"user,omitempty"`
 	Password string `xml:"password,omitempty"`
+	UseTLS   bool   `xml:"tls,attr"`
 }
 
 func setDefaults(data interface{}) error {
diff --git a/gui/app.js b/gui/app.js
index f08bb9047..f57a225bd 100644
--- a/gui/app.js
+++ b/gui/app.js
@@ -40,6 +40,7 @@ syncthing.controller('SyncthingCtrl', function ($scope, $http) {
     {id: 'Address', descr: 'GUI Listen Addresses', type: 'text', restart: true},
     {id: 'User', descr: 'GUI Authentication User', type: 'text', restart: true},
     {id: 'Password', descr: 'GUI Authentication Password', type: 'password', restart: true},
+    {id: 'UseTLS', descr: 'Use HTTPS for GUI', type: 'bool', restart: true},
     ];
 
     function getSucceeded() {