diff --git a/atom/browser/atom_ssl_config_service.cc b/atom/browser/atom_ssl_config_service.cc
index f19dbacf7d..0a47067b0a 100644
--- a/atom/browser/atom_ssl_config_service.cc
+++ b/atom/browser/atom_ssl_config_service.cc
@@ -5,11 +5,14 @@
 #include "atom/browser/atom_ssl_config_service.h"
 #include
+#include
 #include "base/command_line.h"
+#include "base/strings/string_split.h"
 #include "atom/common/options_switches.h"
 #include "content/public/browser/browser_thread.h"
 #include "net/socket/ssl_client_socket.h"
+#include "net/ssl/ssl_cipher_suite_names.h"
 namespace atom {
@@ -26,6 +29,23 @@ uint16 GetSSLProtocolVersion(const std::string& version_string) {
 return version;
 }
+std::vector ParseCipherSuites(
+ const std::vector& cipher_strings) {
+ std::vector cipher_suites;
+ cipher_suites.reserve(cipher_strings.size());
+
+ for (auto& cipher_string : cipher_strings) {
+ uint16 cipher_suite = 0;
+ if (!net::ParseSSLCipherString(cipher_string, &cipher_suite)) {
+ LOG(ERROR) << "Ignoring unrecognised cipher suite : "
+ << cipher_string;
+ continue;
+ }
+ cipher_suites.push_back(cipher_suite);
+ }
+ return cipher_suites;
+}
+
 } // namespace
 AtomSSLConfigService::AtomSSLConfigService() {
@@ -35,6 +55,13 @@ AtomSSLConfigService::AtomSSLConfigService() {
 cmd_line->GetSwitchValueASCII(switches::kSSLVersionFallbackMin);
 config_.version_fallback_min = GetSSLProtocolVersion(version_string);
 }
+
+ if (cmd_line->HasSwitch(switches::kCipherSuiteBlacklist)) {
+ auto cipher_strings = base::SplitString(
+ cmd_line->GetSwitchValueASCII(switches::kCipherSuiteBlacklist),
+ ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY);
+ config_.disabled_cipher_suites = ParseCipherSuites(cipher_strings);
+ }
 }
 AtomSSLConfigService::~AtomSSLConfigService() {
diff --git a/atom/common/options_switches.cc b/atom/common/options_switches.cc
index e05768b523..8ea16f27b4 100644
--- a/atom/common/options_switches.cc
+++ b/atom/common/options_switches.cc
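Review bot: A blacklist entry that net::ParseSSLCipherString rejects is logged and then dropped, so a mistyped entry in `--cipher-suite-blacklist` leaves that suite enabled and the only sign is an ERROR line in the process log; this fail-open behaviour should be stated on the helper, e.g. `// Unrecognised entries are skipped (logged at ERROR) rather than rejected, so a typo silently leaves that suite enabled and the result may be shorter than the input.` The log line would also be more useful if it named the accepted form — ParseSSLCipherString takes the hex suite id (e.g. `0xAABB`) rather than an OpenSSL-style name, if I recall correctly, and the docs hunk in this commit does not state the format either. Minor style: the loop variable binds to an element of a const vector, so `for (const auto& cipher_string : cipher_strings) {` says so explicitly instead of relying on `auto&` deducing const.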
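Review bot: `cipher_strings` in the new block is never modified after the split, so `const auto cipher_strings = base::SplitString(` would make that clear, or the split result could be passed straight into `ParseCipherSuites(...)` and the local dropped. Because ParseCipherSuites may discard entries, nothing here tells a reader how many suites actually ended up in `config_.disabled_cipher_suites`; a comment such as `// Invalid entries are dropped by ParseCipherSuites (logged there), so the list may be shorter than the switch value.` would save the next reader a trip to the helper. The AtomSSLConfigService constructor begins outside the hunk.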
@@ -116,6 +116,9 @@ const char kRegisterStandardSchemes[] = "register-standard-schemes";
 // TLS fallback will accept.
 const char kSSLVersionFallbackMin[] = "ssl-version-fallback-min";
+// Comma-separated list of SSL cipher suites to disable.
+const char kCipherSuiteBlacklist[] = "cipher-suite-blacklist";
+
 // The browser process app model ID
 const char kAppUserModelId[] = "app-user-model-id";
diff --git a/atom/common/options_switches.h b/atom/common/options_switches.h
index c568804c4d..33c2790cc1 100644
--- a/atom/common/options_switches.h
+++ b/atom/common/options_switches.h
@@ -59,6 +59,7 @@ extern const char kPageVisibility[];
 extern const char kDisableHttpCache[];
 extern const char kRegisterStandardSchemes[];
 extern const char kSSLVersionFallbackMin[];
+extern const char kCipherSuiteBlacklist[];
 extern const char kAppUserModelId[];
diff --git a/docs/api/chrome-command-line-switches.md b/docs/api/chrome-command-line-switches.md
index c2a39126f6..abf8726b68 100644
--- a/docs/api/chrome-command-line-switches.md
+++ b/docs/api/chrome-command-line-switches.md
@@ -92,6 +92,10 @@ Enables net log events to be saved and writes them to `path`.
 Sets the minimum SSL/TLS version ("tls1", "tls1.1" or "tls1.2") that TLS fallback will accept.
+## --cipher-suite-blacklist=`cipher_suites`
+
+Specify comma-separated list of SSL cipher suites to disable.
+
 ## --enable-logging
 Prints Chromium's logging into console.