diff --git a/www/Makefile b/www/Makefile
index d7bcd6d80d7d..57eb56952c18 100644
--- a/www/Makefile
+++ b/www/Makefile
@@ -427,6 +427,7 @@
     SUBDIR += mod_scgi
     SUBDIR += mod_security
     SUBDIR += mod_setenvifplus
+    SUBDIR += mod_tls
     SUBDIR += mod_umask
     SUBDIR += mod_webauth
     SUBDIR += mod_webkit
diff --git a/www/mod_tls/Makefile b/www/mod_tls/Makefile
new file mode 100644
index 000000000000..66fd64fc1032
--- /dev/null
+++ b/www/mod_tls/Makefile
@@ -0,0 +1,39 @@
+PORTNAME=	mod_tls
+PORTVERSION=	0.14.0
+CATEGORIES=	www security
+MASTER_SITES=	https://github.com/icing/mod_tls/releases/download/v${DISTVERSION}/
+PKGNAMEPREFIX=	${APACHE_PKGNAMEPREFIX}
+
+MAINTAINER=	brnrd@FreeBSD.org
+COMMENT=	rustls based TLS for Apache httpd
+WWW=		https://github.com/icing/mod_tls
+
+LICENSE=	APACHE20
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+BUILD_DEPENDS=	rustls-ffi==0.14.0:security/rustls-ffi
+LIB_DEPENDS=	librustls.so:security/rustls-ffi
+
+INSTALL_TARGET=	install-strip
+
+USES=		apache libtool
+GNU_CONFIGURE=	yes
+CONFIGURE_ARGS=	--with-rustls=${LOCALBASE}
+
+MODULENAME=	mod_tls
+
+SUB_FILES=	001-mod_tls.conf
+PORTDOCS=	README README.md
+
+OPTIONS_DEFINE=	DOCS
+
+.include <bsd.port.pre.mk>
+
+post-install:
+	${STRIP_CMD} ${STAGEDIR}${PREFIX}/${APACHEMODDIR}/${MODULENAME}.so.0.0.0
+	${MKDIR} ${STAGEDIR}${PREFIX}/${APACHEETCDIR}/modules.d
+	${INSTALL_DATA} ${WRKDIR}/001-mod_tls.conf \
+		${STAGEDIR}${PREFIX}/${APACHEETCDIR}/modules.d/001-mod_tls.conf.sample
+	${RM} ${STAGEDIR}${DOCSDIR}/LICENSE
+
+.include <bsd.port.post.mk>
diff --git a/www/mod_tls/distinfo b/www/mod_tls/distinfo
new file mode 100644
index 000000000000..d9c451c07181
--- /dev/null
+++ b/www/mod_tls/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1730551891
+SHA256 (mod_tls-0.14.0.tar.gz) = 701db868a4fb2cd85b272e5defc2841dcc81eda2546bfa6fbf5c209774b4edcb
+SIZE (mod_tls-0.14.0.tar.gz) = 563693
diff --git a/www/mod_tls/files/001-mod_tls.conf.in b/www/mod_tls/files/001-mod_tls.conf.in
new file mode 100644
index 000000000000..3f2bd2b240b7
--- /dev/null
+++ b/www/mod_tls/files/001-mod_tls.conf.in
@@ -0,0 +1,21 @@
+# To enable, uncomment the LoadModule line
+
+# LoadModule tls_module %%APACHE_MODDIR%%/mod_tls.so
+
+<IfModule tls_module>
+    TLSEngine 443
+    TLSStrictSNI on
+</IfModule>
+
+# Switching from mod_ssl to mod_tls
+#
+# Replace the mod_ssl config
+#
+#     SSLEngine on
+#     SSLCertificateFile file_with_certificate.pem
+#     SSLCertificateKeyFile file_with_key.pem
+#
+# with
+#
+#     TLSEngine 443
+#     TLSCertificate file_with_certificate.pem file_with_key.pem
diff --git a/www/mod_tls/pkg-descr b/www/mod_tls/pkg-descr
new file mode 100644
index 000000000000..c4767ff09d20
--- /dev/null
+++ b/www/mod_tls/pkg-descr
@@ -0,0 +1,2 @@
+A module for Apache httpd that uses rustls to provide a memory safe TLS
+implementation in Rust.
diff --git a/www/mod_tls/pkg-message b/www/mod_tls/pkg-message
new file mode 100644
index 000000000000..41ad11adbc90
--- /dev/null
+++ b/www/mod_tls/pkg-message
@@ -0,0 +1,18 @@
+[
+{ type: install
+  message: <<EOM
+
+To enable mod_tls, uncomment the LoadModule line in
+apache24/modules.d/001-mod_tls.conf
+
+    LoadModule tls_module  ${modDir}/mod_tls.so
+
+This module can co-exist with mod_ssl, it is your configuration that
+uses one or the other.
+
+To switch from mod_ssl, check the documentation on
+https://github.com/icing/mod_tls#configuration.
+
+EOM
+}
+]
diff --git a/www/mod_tls/pkg-plist b/www/mod_tls/pkg-plist
new file mode 100644
index 000000000000..98d22e927cf9
--- /dev/null
+++ b/www/mod_tls/pkg-plist
@@ -0,0 +1,8 @@
+@sample %%APACHEETCDIR%%/modules.d/001-mod_tls.conf.sample
+lib/mod_tls.a
+lib/%%AP_MODULE%%
+lib/%%AP_MODULE%%.0
+lib/%%AP_MODULE%%.0.0.0
+%%APACHEMODDIR%%/%%AP_MODULE%%
+%%APACHEMODDIR%%/%%AP_MODULE%%.0.0.0
+