diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml index d1979a6..fa80bb6 100644 --- a/webapps/docs/security-howto.xml +++ b/webapps/docs/security-howto.xml @@ -269,7 +269,27 @@ SSL connections. By default, the default ciphers for the JVM will be used. This usually means that the weak export grade ciphers will be included in the list of available ciphers. Secure environments will normally want to - configure a more limited set of ciphers.

+ configure a more limited set of ciphers. This attribute accepts the + + OpenSSL syntax for including/excluding cipher suites. + As of 2014-11-19, with standalone Tomcat 8 and Java 8, Forward Secrecy + can be achieved on the + + Qualys SSL/TLS test by specifying only TLS protocols using + the sslEnabledProtocols attribute (further below) with the following + ciphers: + ciphers="ALL:!aNULL:!eNULL:!EXPORT:!LOW:!MEDIUM:!3DES:
+ !TLS_RSA_WITH_AES_128_CBC_SHA256:!TLS_RSA_WITH_AES_128_CBC_SHA:
+ !TLS_RSA_WITH_AES_128_GCM_SHA256:@STRENGTH"
Tomcat does + not "specify" a sort order, but it does seem to present the ciphers in + order because some clients (nmap) choose different protocols when + @STRENGTH is used.

+ +

The sslEnabledProtocols attribute determines which + versions of the SSL/TLS protocol are used. Since the POODLE attack in + 2014, all SSL protocols are considered unsafe and a secure setting for + this attribute in a standalone Tomcat setup might be + sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"

The tomcatAuthentication attribute is used with the AJP connectors to determine if Tomcat should authenticate the user or if diff --git a/webapps/docs/ssl-howto.xml b/webapps/docs/ssl-howto.xml index 8353399..52d09e4 100644 --- a/webapps/docs/ssl-howto.xml +++ b/webapps/docs/ssl-howto.xml @@ -25,7 +25,8 @@ Christopher Cain Yoav Shapira - SSL Configuration HOW-TO + Glen Peterson + SSL/TLS Configuration HOW-TO @@ -42,7 +43,7 @@ directory, then $CATALINA_BASE will be set to the value of $CATALINA_HOME, the directory into which you have installed Tomcat.

-

To install and configure SSL support on Tomcat, you need to follow +

To install and configure SSL/TLS support on Tomcat, you need to follow these simple steps. For more information, read the rest of this HOW-TO.

  1. Create a keystore file to store the server's private key and @@ -63,15 +64,16 @@ self-signed certificate by executing the following command:

    -
    +
    -

    SSL, or Secure Socket Layer, is a technology which allows web browsers and -web servers to communicate over a secured connection. This means that the data -being sent is encrypted by one side, transmitted, then decrypted by the other -side before processing. This is a two-way process, meaning that both the -server AND the browser encrypt all traffic before sending out data.

    +

    Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer +(SSL), are technologies which allow web browsers and web servers to communicate +over a secured connection. This means that the data being sent is encrypted by +one side, transmitted, then decrypted by the other side before processing. +This is a two-way process, meaning that both the server AND the browser encrypt +all traffic before sending out data.

    -

    Another important aspect of the SSL protocol is Authentication. This means +

    Another important aspect of the TLS protocol is Authentication. This means that during your initial attempt to communicate with a web server over a secure connection, that server will present your web browser with a set of credentials, in the form of a "Certificate", as proof the site is who and what @@ -83,11 +85,13 @@ users. Most SSL-enabled web servers do not request Client Authentication.

    -
    +

    It is important to note that configuring Tomcat to take advantage of secure sockets is usually only necessary when running it as a stand-alone -web server. When running Tomcat primarily as a Servlet/JSP container behind +web server. Details can be found in the +Security Considerations Document. +When running Tomcat primarily as a Servlet/JSP container behind another web server, such as Apache or Microsoft IIS, it is usually necessary to configure the primary web server to handle the SSL connections from users. Typically, this server will negotiate all SSL-related functionality, then
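Review bot: in the security-howto.xml ciphers hunk, the closing sentence ("Tomcat does not "specify" a sort order, but it does seem to present the ciphers in order because some clients (nmap) choose different protocols when @STRENGTH is used") is ambiguous and should be reworded: it says "protocols" where the surrounding text is about cipher suites, and it offers an observation from one client as evidence for a server preference the document cannot promise. State plainly what a reader can rely on (whether the order of the ciphers attribute is honoured as the server's preference order, or not), and say "cipher suites" rather than "protocols". Two smaller points in the same hunk: the "As of 2014-11-19" qualifier will go stale, so tie the Forward Secrecy statement to the versions already named (standalone Tomcat 8 and Java 8) rather than a date; and the example value mixes OpenSSL aliases (ALL, !aNULL, !EXPORT, @STRENGTH) with JSSE suite names (TLS_RSA_WITH_AES_128_CBC_SHA256 and friends), so say explicitly that both spellings are accepted in this attribute, otherwise readers may take the JSSE names for a typo.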
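Review bot: in the sslEnabledProtocols hunk, "all SSL protocols are considered unsafe" and the example sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" never state the mitigation the example embodies, namely that the value must not list SSLv2 or SSLv3; say so in one sentence instead of leaving the reader to infer it from the omission. "might be" also reads as uncertain for a security setting; either recommend the value outright or say under which JVM/connector combinations a different value is needed, and add a link to the connector reference for the attribute, as the ciphers paragraph above it does for its OpenSSL syntax.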
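Review bot: the ssl-howto.xml hunks that rename the title to "SSL/TLS Configuration HOW-TO" and rewrite the definition paragraph around TLS leave the terminology inconsistent within the touched text: the context lines of the same hunk still read "Most SSL-enabled web servers do not request Client Authentication", and the following hunk keeps "handle the SSL connections from users" and "negotiate all SSL-related functionality". Either apply "SSL/TLS" consistently through the paragraphs this patch touches, or add one sentence after the new definition saying the rest of the document uses "SSL" as shorthand for both, so the reader is not left guessing whether the two terms mean different things.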
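Review bot: in the last ssl-howto.xml hunk, the inserted cross-reference ("Details can be found in the Security Considerations Document.") is placed between "stand-alone web server" and "When running Tomcat primarily as a Servlet/JSP container behind another web server", which breaks the contrast the paragraph draws between the two deployment modes; moving it to the end of the paragraph keeps the contrast intact. The link should also name its target in plain text (the security-howto page and, ideally, the connector section it points to) so the reference still reads correctly if the markup is lost, as it is in this view.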