diff --git a/tls.go b/internal/https/tls.go
similarity index 79%
rename from tls.go
rename to internal/https/tls.go
index 526fd36..3ffbe30 100644
--- a/tls.go
+++ b/internal/https/tls.go
@@ -1,4 +1,4 @@
-package main
+package https
 import (
 "crypto/tls"
@@ -7,7 +7,7 @@ import (
 "strings"
 )
-func writeTLSSupportedCipherStrings(w io.Writer, min uint16) error {
+func WriteTLSSupportedCipherStrings(w io.Writer, min uint16) error {
 for _, c := range tls.CipherSuites() {
 var found bool
@@ -30,8 +30,8 @@ func writeTLSSupportedCipherStrings(w io.Writer, min uint16) error {
 return nil
 }
-// getTLSMinVersion converts a version string into a TLS version ID.
-func getTLSMinVersion(v string) uint16 {
+// GetTLSMinVersion converts a version string into a TLS version ID.
+func GetTLSMinVersion(v string) uint16 {
 switch v {
 case "1.0":
 return tls.VersionTLS10
@@ -47,9 +47,9 @@ func getTLSMinVersion(v string) uint16 {
 }
 }
-// getTLSCipherSuites converts a comma separated list of cipher suites into a
+// GetTLSCipherSuites converts a comma separated list of cipher suites into a
 // slice of TLS cipher suite IDs.
-func getTLSCipherSuites(v string) []uint16 {
+func GetTLSCipherSuites(v string) []uint16 {
 supported := tls.CipherSuites()
 if v == "" {
diff --git a/webhook.go b/webhook.go
index 011a18b..8885d17 100644
--- a/webhook.go
+++ b/webhook.go
@@ -17,6 +17,7 @@ import (
 "time"
 "github.com/adnanh/webhook/internal/hook"
+ "github.com/adnanh/webhook/internal/https"
 "github.com/adnanh/webhook/internal/middleware"
 "github.com/adnanh/webhook/internal/pidfile"
 "github.com/adnanh/webhook/internal/platform"
@@ -109,7 +110,7 @@ func main() {
 }
 if *justListCiphers {
- err := writeTLSSupportedCipherStrings(os.Stdout, getTLSMinVersion(*tlsMinVersion))
+ err := https.WriteTLSSupportedCipherStrings(os.Stdout, https.GetTLSMinVersion(*tlsMinVersion))
 if err != nil {
 fmt.Println(err)
 os.Exit(1)
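Review bot: `WriteTLSSupportedCipherStrings` in internal/https/tls.go is now exported but has no doc comment, unlike the two sibling functions whose comments this commit updates. Something like `// WriteTLSSupportedCipherStrings writes to w the names of the cipher suites usable at TLS version min or later.` would do; that wording is inferred from the signature and the `tls.CipherSuites()` loop, because the body continues outside the hunk and should be checked against it. The parameter name `min` also shadows the builtin added in Go 1.21, so `minVersion` would read more clearly.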
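Review bot: `GetTLSMinVersion` returns only a `uint16`, so a caller cannot distinguish a recognised version string from one that fell through to whatever the switch's last branch returns (that branch is outside the hunk). Since the result goes straight into `tls.Config.MinVersion`, a mistyped `tlsMinVersion` value would be accepted silently instead of stopping startup. Now that the function is exported, consider `func GetTLSMinVersion(v string) (uint16, error)` and have `main` exit on the error. The same applies to `GetTLSCipherSuites` in the next hunk, which returns only `[]uint16`; how it treats an unknown suite name is not visible here.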
@@ -300,9 +301,9 @@ func main() {
 // Server HTTPS
 svr.TLSConfig = &tls.Config{
- CipherSuites: getTLSCipherSuites(*tlsCipherSuites),
+ CipherSuites: https.GetTLSCipherSuites(*tlsCipherSuites),
 CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
- MinVersion: getTLSMinVersion(*tlsMinVersion),
+ MinVersion: https.GetTLSMinVersion(*tlsMinVersion),
 PreferServerCipherSuites: true,
 }
 svr.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler)) // disable http/2
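Review bot: The `CipherSuites:` field in this `tls.Config` literal needs a comment stating that the list only constrains TLS 1.0–1.2. crypto/tls does not make TLS 1.3 suites configurable, so an operator who narrows `tlsCipherSuites` for policy reasons still negotiates Go's built-in TLS 1.3 suites when the client supports 1.3. Suggested comment above the field: `// CipherSuites applies to TLS 1.2 and below; TLS 1.3 suites are fixed by crypto/tls.` The unchanged `PreferServerCipherSuites: true` is a legacy field that current Go releases ignore, so it could carry a note that it is kept only for older toolchains. `main` begins and ends outside this hunk.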