diff --git a/components/cli/docs/sources/reference/commandline/cli.md b/components/cli/docs/sources/reference/commandline/cli.md
index 4c863ee7bd..a57b4cc28e 100644
--- a/components/cli/docs/sources/reference/commandline/cli.md
+++ b/components/cli/docs/sources/reference/commandline/cli.md
@@ -112,7 +112,12 @@ direct access to the Docker daemon - and should be secured either using the
 [built in https encrypted socket](/articles/https/), or by putting a secure web
 proxy in front of it. You can listen on port `2375` on all network interfaces
 with `-H tcp://0.0.0.0:2375`, or on a particular network interface using its IP
-address: `-H tcp://192.168.59.103:2375`.
+address: `-H tcp://192.168.59.103:2375`. It is conventional to use port `2375`
+for un-encrypted, and port `2376` for encrypted communication with the daemon.
+
+> **Note** If you're using an HTTPS encrypted socket, keep in mind that only TLS1.0
+> and greater are supported. Protocols SSLv3 and under are not supported anymore
+> for security reasons.
 
 On Systemd based systems, you can communicate with the daemon via 
 [systemd socket activation](http://0pointer.de/blog/projects/socket-activation.html), use