Currently insecure communication (no TLS) is used between the client and the server. This is bad a security related application

A suggested fix would be to:

1. Extend server configuration to include properties for supplying a certificate + private key. The client configuration should include configuration for specifying a public key.
2. Bundle a hardcoded/generated TLS cert for using without explicit configuring custom TLS certs. When used in this mode, a very prominent warning should be logged both on the server and in the client, to encourage users to supply their own certs.