diff --git a/lib/py/src/transport/TSSLSocket.py b/lib/py/src/transport/TSSLSocket.py
index 81e098426..b252c849b 100644
--- a/lib/py/src/transport/TSSLSocket.py
+++ b/lib/py/src/transport/TSSLSocket.py
@@ -45,7 +45,8 @@ class TSSLSocket(TSocket.TSocket):
                ca_certs=None,
                keyfile=None,
                certfile=None,
-               unix_socket=None):
+               unix_socket=None,
+               ciphers=None):
     """Create SSL TSocket
 
     @param validate: Set to False to disable SSL certificate validation
@@ -58,6 +59,9 @@ class TSSLSocket(TSocket.TSocket):
     @type keyfile: str
     @param certfile: The cert file
     @type certfile: str
+    @param ciphers: The cipher suites to allow. This is passed to
+                    the ssl_wrap function as the 'ciphers' parameter.
+    @type ciphers: str
 
     Raises an IOError exception if validate is True and the ca_certs file is
     None, not present or unreadable.
@@ -72,6 +76,7 @@ class TSSLSocket(TSocket.TSocket):
     self.ca_certs = ca_certs
     self.keyfile = keyfile
     self.certfile = certfile
+    self.ciphers = ciphers
     if validate:
       if ca_certs is None or not os.access(ca_certs, os.R_OK):
         raise IOError('Certificate Authority ca_certs file "%s" '
@@ -92,7 +97,8 @@ class TSSLSocket(TSocket.TSocket):
                                   ca_certs=self.ca_certs,
                                   keyfile=self.keyfile,
                                   certfile=self.certfile,
-                                  cert_reqs=self.cert_reqs)
+                                  cert_reqs=self.cert_reqs
+                                  ciphers=self.ciphers)
     self.handle.settimeout(self._timeout)
     try:
       self.handle.connect(ip_port)
@@ -167,7 +173,8 @@ class TSSLServerSocket(TSocket.TServerSocket):
                host=None,
                port=9090,
               certfile='cert.pem',
-               unix_socket=None):
+               unix_socket=None,
+               ciphers=None):
     """Initialize a TSSLServerSocket
 
     @param certfile: filename of the server certificate, defaults to cert.pem
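Review bot: In the @@ -92,7 +97,8 @@ hunk the rewritten line `cert_reqs=self.cert_reqs` has lost its trailing comma, so the following `ciphers=self.ciphers)` makes the module a SyntaxError and TSSLSocket.py fails to import; it must read `cert_reqs=self.cert_reqs,`. The `ciphers` keyword of `ssl.wrap_socket` used here and in the @@ -199,7 +211,8 @@ hunk of TSSLServerSocket.accept only exists from Python 2.7 / 3.2, so if this module still targets older interpreters (the `except ssl.SSLError, ssl_exc:` context line shows Python 2 syntax) the call raises TypeError even when ciphers is None; either document the minimum version or pass the keyword only when a cipher string was given. The new docstring text in the @@ -58,6 +59,9 @@ and @@ -178,9 +185,14 @@ hunks names "the ssl_wrap function", but the function actually called is `ssl.wrap_socket`, and it should also say what None means, e.g. `@param ciphers: OpenSSL cipher string passed to ssl.wrap_socket(); None keeps the ssl module's default list.` The `__init__`, `open` and `accept` methods these hunks touch start and end outside the hunks.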
@@ -178,9 +185,14 @@ class TSSLServerSocket(TSocket.TServerSocket):
     @type host: str
     @param port: The port to listen on for inbound connections.
     @type port: int
+    @param ciphers: The cipher suites to allow. This is passed to
+                    the ssl_wrap function as the 'ciphers' parameter.
+    @type ciphers: str
+
     """
     self.setCertfile(certfile)
     TSocket.TServerSocket.__init__(self, host, port)
+    self.ciphers = ciphers
 
   def setCertfile(self, certfile):
     """Set or change the server certificate file used to wrap new connections.
@@ -199,7 +211,8 @@ class TSSLServerSocket(TSocket.TServerSocket):
     plain_client, addr = self.handle.accept()
     try:
       client = ssl.wrap_socket(plain_client, certfile=self.certfile,
-                               server_side=True, ssl_version=self.SSL_VERSION)
+                               server_side=True, ssl_version=self.SSL_VERSION,
+                               ciphers=self.ciphers)
     except ssl.SSLError, ssl_exc:
       # failed handshake/ssl wrap, close socket to client
       plain_client.close()