For maximum security, follow these recommendations.
Use your own ca, key, and crt files. Search engines will provide helpful information (look for instructions on how to create CA and generate SSL/TLS certificates and keys).
If you know your clients, select the mode Client certificate.
The encrypted data will reach the port you have specified. It is best to limit the IP addresses to your expected clients, e.g. to only a part of your local network.
TLS V1.2 and TLS V1.3 are supported.
Use ca, key and crt files. Obtain the files from your TLS server administrator.
Use the mode Client certificate to connect to your server (the authentication method is specified in the TLS server settings).