How to use TLS in Libp2p

Hello, how can I use tls connection in Libp2p?
In the http , I can use the code

cfg := &tls.Config{}
	srv := &http.Server{
		Addr:      ":8443",
		Handler:   &handler{},
		TLSConfig: cfg,
	log.Fatal(srv.ListenAndServeTLS("./examples/https/server/server.crt", "./examples/https/server/server-1.key"))

to use tls.
And how can I use tls in libp2p? , I only see that I can start a host by the

libp2p.New(context.Background(), libp2p.Identity(priv))


Connections are encrypted by default, either with TLS1.3 or Noise.

If you want to explicitly set the security transports, you can pass the Security option. NOTE: if you pass any security options, you’ll override the defaults (and not all peers speak TLS, some only speak Noise).

The default options are defined in DefaultSecurity.

Thanks. The problem is authenticating. According to the go-libp2p-tls/crypto.go at 637395b963da38e3780e969bd80c6f64e74ad013 · libp2p/go-libp2p-tls · GitHub, it seems that we can verify peers. But how to pass the certs ("./examples/https/server/server.crt" ) to the libp2p host?

Peers are authenticated based on their Peer-ID (public key hash, I think), so you don’t have to do anything to verify that the host your connecting to represents the given peer.

Thanks. How IPFS peer nodes identify each other on the distributed web | by Carson Farmer | Textile | Medium.
I am a little confused about this process.