From 59538ebb8d5a6729f9aa1eb3545ab51b4442e60a Mon Sep 17 00:00:00 2001
From: kobelb <brandon.kobel@elastic.co>
Date: Thu, 27 Oct 2016 16:26:10 -0400
Subject: [PATCH] doc: adding tls.createServer secureOptions section

---
 doc/api/tls.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/doc/api/tls.md b/doc/api/tls.md
index 9ef2c90ad40939..caa5fe7874d0e6 100644
--- a/doc/api/tls.md
+++ b/doc/api/tls.md
@@ -1027,6 +1027,11 @@ added: v0.3.2
     force SSL version 3. The possible values depend on the version of OpenSSL
     installed in the environment and are defined in the constant
     [SSL_METHODS][].
+  * `secureOptions` {number} The options via bitmask affecting the protocol
+    behavior of SSL. This can be used to limit the versions of SSL/TLS, e.q.
+    `crypto.constants.SSL_OP_NO_TLSv1 | crypto.constants.SSL_OP_NO_TLSv1_1` to
+    deny TLSv1 and TLSv1.1 connections. For more details, see
+    [OpenSSL Options][].
 * `secureConnectionListener` {Function}
 
 Creates a new [tls.Server][].  The `secureConnectionListener`, if provided, is
@@ -1279,3 +1284,4 @@ where `secure_socket` has the same API as `pair.cleartext`.
 [`tls.TLSSocket.getPeerCertificate()`]: #tls_tlssocket_getpeercertificate_detailed
 [`tls.createSecureContext()`]: #tls_tls_createsecurecontext_options
 [`tls.connect()`]: #tls_tls_connect_options_callback
+[OpenSSL Options]: crypto.html#crypto_openssl_options