diff --git a/CHANGELOG b/CHANGELOG
index b15e048e1..7e338e12b 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,8 @@
 # Nmap Changelog ($Id$); -*-text-*-
+o [Ncat] Enable --ssl-ciphers to be used with Ncat in client mode, not only in
+ server (listen) mode. [Daniel Miller]
+
 o [GH#649] New service probe and match lines for the JMON and RSE services of IBM Explorer for z/OS. [Soldier of Fortran]
diff --git a/ncat/ncat_connect.c b/ncat/ncat_connect.c
index f2c5a6d5d..6997f1aae 100644
--- a/ncat/ncat_connect.c
+++ b/ncat/ncat_connect.c
@@ -246,6 +246,15 @@ static void set_ssl_ctx_options(SSL_CTX *ctx)
 if ((o.sslcert == NULL) != (o.sslkey == NULL))
 bye("The --ssl-key and --ssl-cert options must be used together.");
 }
+ if (o.sslciphers == NULL) {
+ if (!SSL_CTX_set_cipher_list(ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"))
+ bye("Unable to set OpenSSL cipher list: %s", ERR_error_string(ERR_get_error(), NULL));
+ }
+ else {
+ printf("setting ciphers: %s\n", o.sslciphers);
+ if (!SSL_CTX_set_cipher_list(ctx, o.sslciphers))
+ bye("Unable to set OpenSSL cipher list: %s", ERR_error_string(ERR_get_error(), NULL));
+ }
 }
 #endif
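Review bot: The default list set in the `o.sslciphers == NULL` branch, `"ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"`, excludes only the anonymous-DH suites, so on OpenSSL builds that still ship them the anonymous ECDH and RC4 suites stay enabled for the client, and a connection that negotiates an anonymous suite gives the client no server certificate to check. Replacing `!ADH` with `!aNULL` and adding `!RC4` closes that, e.g. `"ALL:!aNULL:!LOW:!EXP:!RC4:!MD5:@STRENGTH"`. Separately, `printf("setting ciphers: %s\n", o.sslciphers);` in the else branch looks like leftover debugging: it writes to stdout, which in connect mode is where data received from the peer goes, so it should be dropped or sent to stderr only when debugging is enabled. The start of set_ssl_ctx_options is outside the hunk, so whether the listen side uses the same default string cannot be checked from here.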