From a294aeef0315817fa230bb4e048564d2aea5cdf7 Mon Sep 17 00:00:00 2001 From: Chad Johnston Date: Tue, 12 May 2015 16:07:33 -0600 Subject: [PATCH] doc: Using ciphers with tls.connect() Refs #25270,#25271 Reviewed-By: Michael Dawson PR-URL: https://github.com/joyent/node/pull/25325 --- doc/api/tls.markdown | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/doc/api/tls.markdown b/doc/api/tls.markdown index 410d88300c8..dc3a0431bee 100644 --- a/doc/api/tls.markdown +++ b/doc/api/tls.markdown @@ -182,7 +182,7 @@ automatically set as a listener for the [secureConnection][] event. The on the format. `ECDHE-RSA-AES128-SHA256`, `DHE-RSA-AES128-SHA256` and - `AES128-GCM-SHA256` are TLS v1.2 ciphers and used when node.js is + `AES128-GCM-SHA256` are TLS v1.2 ciphers and used when Node.js is linked against OpenSSL 1.0.1 or newer, such as the bundled version of OpenSSL. Note that it is still possible for a TLS v1.2 client to negotiate a weaker cipher unless `honorCipherOrder` is enabled. @@ -341,6 +341,20 @@ Creates a new client connection to the given `port` and `host` (old API) or - `path`: Creates unix socket connection to path. If this option is specified, `host` and `port` are ignored. + - `ciphers`: A string describing the ciphers to use or exclude. + + Defaults to + `ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!RC4:!MD5:!aNULL`. + Consult the [OpenSSL cipher list format documentation] for details + on the format. + + The full list of available ciphers can be obtained via [tls.getCiphers][]. + + `ECDHE-RSA-AES128-SHA256`, `DHE-RSA-AES128-SHA256` and + `AES128-GCM-SHA256` are TLS v1.2 ciphers and used when Node.js is + linked against OpenSSL 1.0.1 or newer, such as the bundled version + of OpenSSL. + - `pfx`: A string or `Buffer` containing the private key, certificate and CA certs of the client in PFX or PKCS12 format. 
@@ -835,6 +849,7 @@ The numeric representation of the local port. [OpenSSL cipher list format documentation]: http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT [BEAST attacks]: http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html +[tls.getCiphers]: #tls_tls_getciphers [tls.createServer]: #tls_tls_createserver_options_secureconnectionlistener [tls.createSecurePair]: #tls_tls_createsecurepair_credentials_isserver_requestcert_rejectunauthorized [tls.TLSSocket]: #tls_class_tls_tlssocket
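Review bot: The `node.js` to `Node.js` capitalization fix in the first hunk (@@ -182,7 +182,7 @@) touches the server-side `ciphers` text, which the subject line "doc: Using ciphers with tls.connect()" does not cover and the commit message does not mention. It does keep the existing paragraph consistent with the copy added further down, so it is reasonable to keep here, but say so in the commit message so the log describes the whole change.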
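Review bot: The new `ciphers` entry for `tls.connect()` (@@ -341,6 +341,20 @@) never says what the list means on the client side. The text is copied from the server option, but the caveat that closes the server paragraph in the first hunk's context, "it is still possible for a TLS v1.2 client to negotiate a weaker cipher unless `honorCipherOrder` is enabled", is dropped with nothing in its place. A reader is left with three named TLS v1.2 suites and no hint that the default string also contains `HIGH`, so other suites remain acceptable to the client. Suggest adding a sentence stating that this is the set of suites the client will offer and accept, and that anyone who needs a specific minimum should pass an explicit list. The paragraph beginning "`ECDHE-RSA-AES128-SHA256`, `DHE-RSA-AES128-SHA256` and" now exists twice in the file; consider pointing to the `tls.createServer` description instead of duplicating it, so the two copies cannot drift apart when the default changes.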
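Review bot: The `[tls.getCiphers]: #tls_tls_getciphers` reference added in the last hunk (@@ -835,6 +849,7 @@) points at an anchor that this patch neither adds nor touches, so please confirm that the `tls.getCiphers()` heading in this file generates exactly that id. The neighbouring references embed the argument list in the anchor, for example `#tls_tls_createserver_options_secureconnectionlistener`, so the id depends on how the heading is written, and a mismatch would leave the new "full list of available ciphers" link dead.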