From 443ee504e65bcac11566ae7e65b2936b20a1e0b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karel=20Sedl=C3=A0=C4=8Dek?= Date: Sun, 3 Feb 2013 12:16:48 +0100 Subject: [PATCH] update TLS doc to reflect absence of ECDHE --- doc/api/tls.markdown | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/doc/api/tls.markdown b/doc/api/tls.markdown index 28bc05630e6..00df4bf8a7d 100644 --- a/doc/api/tls.markdown +++ b/doc/api/tls.markdown @@ -116,6 +116,13 @@ automatically set as a listener for the [secureConnection][] event. The linked against OpenSSL 1.0.1 or newer and the client speaks TLS 1.2, RC4 is used as a secure fallback. + **NOTE**: The default highest-preference cipher suite + `ECDHE-RSA-AES128-SHA256` will not be used because the developers of + Node.js insist on neither implementing advertised functionality nor + accepting a 120-line patch contributed by a volunteer containing said + functionality. Please note that only cipher suites using ECDHE (ephemeral + ECDH) are affected. + **NOTE**: Previous revisions of this section suggested `AES256-SHA` as an acceptable cipher. Unfortunately, `AES256-SHA` is a CBC cipher and therefore susceptible to BEAST attacks. Do *not* use it.
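Review bot: The added NOTE in the `@@ -116,6 +116,13 @@` hunk of `doc/api/tls.markdown` spends most of its text on the maintainers' motives ("insist on neither implementing advertised functionality nor accepting a 120-line patch") instead of on the behaviour a reader configuring TLS needs to know. API documentation should state the fact and its consequence, and the dispute over the contributed patch belongs in the issue tracker. Suggest rewording to something neutral, such as: "**NOTE**: Cipher suites using ECDHE (ephemeral ECDH) are not currently supported, so the highest-preference default suite `ECDHE-RSA-AES128-SHA256` will never be negotiated." The note should also say which suite from the default list is selected in its place, since the surrounding context only describes RC4 as the fallback and the reader is otherwise left to guess what a default server actually negotiates. The last sentence ("Please note that only cipher suites using ECDHE ... are affected") would then be redundant and can be dropped.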