diff --git a/orderer/localconfig/config.go b/orderer/localconfig/config.go
index cf9ae921634..7f8f62c8473 100644
--- a/orderer/localconfig/config.go
+++ b/orderer/localconfig/config.go
@@ -44,12 +44,23 @@ type General struct {
 	MaxWindowSize uint32
 	ListenAddress string
 	ListenPort    uint16
+	TLS           TLS
 	GenesisMethod string
 	GenesisFile   string
 	Profile       Profile
 	LogLevel      string
 }
 
+//TLS contains config used to configure TLS for the grpc server
+type TLS struct {
+	Enabled           bool
+	ServerKey         string
+	ServerCertificate string
+	ServerRootCAs     []string
+	ClientAuthEnabled bool
+	ClientRootCAs     []string
+}
+
 // Genesis contains config which is used by the provisional bootstrapper
 type Genesis struct {
 	OrdererType  string
diff --git a/orderer/main.go b/orderer/main.go
index 9a130cd510c..9bce7a53ca0 100644
--- a/orderer/main.go
+++ b/orderer/main.go
@@ -26,6 +26,7 @@ import (
 	"os"
 
 	"github.com/hyperledger/fabric/common/flogging"
+	"github.com/hyperledger/fabric/core/comm"
 	"github.com/hyperledger/fabric/orderer/common/bootstrap/file"
 	"github.com/hyperledger/fabric/orderer/common/bootstrap/provisional"
 	"github.com/hyperledger/fabric/orderer/kafka"
@@ -41,7 +42,6 @@ import (
 
 	"github.com/Shopify/sarama"
 	logging "github.com/op/go-logging"
-	"google.golang.org/grpc"
 )
 
 var logger = logging.MustGetLogger("orderer/main")
@@ -59,14 +59,22 @@ func main() {
 		}()
 	}
 
-	grpcServer := grpc.NewServer()
-
 	lis, err := net.Listen("tcp", fmt.Sprintf("%s:%d", conf.General.ListenAddress, conf.General.ListenPort))
 	if err != nil {
 		fmt.Println("Failed to listen:", err)
 		return
 	}
 
+	//Create GRPC server - return if an error occurs
+	secureConfig := comm.SecureServerConfig{
+		UseTLS: conf.General.TLS.Enabled,
+	}
+	grpcServer, err := comm.NewGRPCServerFromListener(lis, secureConfig)
+	if err != nil {
+		fmt.Println("Failed to return new GRPC server: ", err)
+		return
+	}
+
 	var lf ordererledger.Factory
 	switch conf.General.LedgerType {
 	case "file":
@@ -135,7 +143,7 @@ func main() {
 		int(conf.General.MaxWindowSize),
 	)
 
-	ab.RegisterAtomicBroadcastServer(grpcServer, server)
+	ab.RegisterAtomicBroadcastServer(grpcServer.Server(), server)
 	logger.Infof("Beginning to serve requests")
-	grpcServer.Serve(lis)
+	grpcServer.Start()
 }
diff --git a/orderer/orderer.yaml b/orderer/orderer.yaml
index 81597a14004..5c0ea88f21d 100644
--- a/orderer/orderer.yaml
+++ b/orderer/orderer.yaml
@@ -27,6 +27,16 @@ General:
     # Listen port: The port on which to bind to listen
     ListenPort: 7050
 
+    # TLS: TLS settings for the GRPC server
+    TLS:
+        Enabled: false
+        ServerKey:
+        ServerCertificate:
+        ServerRootCAs:
+        ClientAuthEnabled: false
+        ClientRootCAs:
+
+
     # Log Level: The level at which to log.  This accepts logging specifications
     # per fabric/docs/Setup/logging-control.md
     LogLevel: info