1 files changed, 14 insertions, 6 deletions

diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index 4ec92801b..0efc6327b 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -32,6 +32,7 @@ var common = require('_tls_common');
 
 var Timer = process.binding('timer_wrap').Timer;
 var tls_wrap = process.binding('tls_wrap');
+var constants = process.binding('constants');
 
 // Lazy load
 var tls_legacy;
@@ -722,12 +723,16 @@ Server.prototype.setOptions = function(options) {
   if (options.dhparam) this.dhparam = options.dhparam;
   if (options.sessionTimeout) this.sessionTimeout = options.sessionTimeout;
   if (options.ticketKeys) this.ticketKeys = options.ticketKeys;
-  var secureOptions = options.secureOptions || 0;
-  if (options.honorCipherOrder)
-    this.honorCipherOrder = true;
-  else
-    this.honorCipherOrder = false;
-  if (secureOptions) this.secureOptions = secureOptions;
+
+  var secureOptions = crypto._getSecureOptions(options.secureProtocol,
+                                               options.secureOptions);
+
+  if (options.honorCipherOrder) {
+    secureOptions |= constants.SSL_OP_CIPHER_SERVER_PREFERENCE;
+  }
+
+  this.secureOptions = secureOptions;
+
   if (options.NPNProtocols) tls.convertNPNProtocols(options.NPNProtocols, this);
   if (options.sessionIdContext) {
     this.sessionIdContext = options.sessionIdContext;
@@ -828,6 +833,9 @@ exports.connect = function(/* [port, host], options, cb */) {
 
   options = util._extend(defaults, options || {});
 
+  options.secureOptions = crypto._getSecureOptions(options.secureProtocol,
+                                                   options.secureOptions);
+
   assert(typeof options.checkServerIdentity === 'function');
 
   var hostname = options.servername ||