From c4eb8632996c8e1250695cedbb26dda122bd7244 Mon Sep 17 00:00:00 2001
From: Ander Juaristi <a@juaristi.eus>
Date: Thu, 3 May 2018 13:45:01 +0200
Subject: [PATCH] * doc/wget.texi: Add description for --ciphers

---
 doc/wget.texi | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/doc/wget.texi b/doc/wget.texi
index 5fd11137..eaf6b380 100644
--- a/doc/wget.texi
+++ b/doc/wget.texi
@@ -1794,11 +1794,20 @@ the correct protocol version.  Fortunately, such servers are quite rare.
 Specifying @samp{PFS} enforces the use of the so-called Perfect Forward
 Security cipher suites. In short, PFS adds security by creating a one-time
 key for each SSL connection. It has a bit more CPU impact on client and server.
-We use known to be secure ciphers (e.g. no MD4) and the TLS protocol.
+We use known to be secure ciphers (e.g. no MD4) and the TLS protocol. This mode
+also explicitly excludes non-PFS key exchange methods, such as RSA.
 
 @item --https-only
 When in recursive mode, only HTTPS links are followed.
 
+@item --ciphers
+Set the cipher list string. Typically this string sets the
+cipher suites and other SSL/TLS options that the user wish should be used, in a
+set order of preference (GnuTLS calls it 'priority string'). This string
+will be fed verbatim to the SSL/TLS engine (OpenSSL or GnuTLS) and hence
+its format and syntax is dependant on that. Wget will not process or manipulate it
+in any way. Refer to the OpenSSL or GnuTLS documentation for more information.
+
 @cindex SSL certificate, check
 @item --no-check-certificate
 Don't check the server certificate against the available certificate