diff --git a/ncat/docs/ncat.xml b/ncat/docs/ncat.xml
index 441809048..34f41f9ba 100644
--- a/ncat/docs/ncat.xml
+++ b/ncat/docs/ncat.xml
@@ -381,6 +381,20 @@
use its default certificates.
+
+
+
+ (Specify SSL ciphersuites)
+ (Ncat option)
+
+
+ This option sets the list of ciphersuites that Ncat will use
+ when connecting to servers or when accepting SSL connections from
+ clients. The syntax is described in the OpenSSL ciphers(1) man
+ page, and defaults to
+ ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
+
+
diff --git a/ncat/docs/ncatguide.xml b/ncat/docs/ncatguide.xml
index d23d42403..8816c4187 100644
--- a/ncat/docs/ncatguide.xml
+++ b/ncat/docs/ncatguide.xml
@@ -427,6 +427,24 @@ Content-Type: text/html; charset=UTF-8
checking.
+
+ SSL ciphersin Ncat
+ SSL connections depend on the client and server agreeing on a common
+ ciphersuite: a combination of key exchange, symmetric cipher, and message
+ integrity mechanism. The choice of which ciphersuites to offer (as a
+ client) or accept (as a server) is a matter of choice between the greatest
+ compatibility and the greatest security. The default set, expressed as an
+ OpenSSL cipherlist, is
+ ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH, a reasonable balance
+ between the two ends of the spectrum. To set a different priority or
+ initial choice, use the option.
+ (Ncat option)
+
+ ncat --ssl-ciphers HIGH:!aNULL:!eNULLserver 443
+
+
+ (Ncat option)
+
SSLin Ncatcertificateautomatic generation ofcertificate
diff --git a/ncat/ncat_main.c b/ncat/ncat_main.c
index 7eecd3b9a..270799c8a 100644
--- a/ncat/ncat_main.c
+++ b/ncat/ncat_main.c
@@ -621,6 +621,7 @@ int main(int argc, char *argv[])
" --ssl-key Specify SSL private key (PEM) for listening\n"
" --ssl-verify Verify trust and domain name of certificates\n"
" --ssl-trustfile PEM file containing trusted SSL certificates\n"
+" --ssl-ciphers Cipherlist containing SSL ciphers to use\n"
#endif
" --version Display Ncat's version information and exit\n"
"\n"