diff --git a/cipher_suites.go b/cipher_suites.go
index 5a401d8..81db51f 100644
--- a/cipher_suites.go
+++ b/cipher_suites.go
@@ -59,6 +59,8 @@ func CipherSuites() []*CipherSuite {
 {tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", supportedOnlyTLS12, false},
 {tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", supportedOnlyTLS12, false},
 {tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", supportedOnlyTLS12, false},
+
+ // go1.14
 // {tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", supportedOnlyTLS12, false},
 // {tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", supportedOnlyTLS12, false},
 }
diff --git a/tls.go b/tls.go
index 379451d..8e6cb73 100644
--- a/tls.go
+++ b/tls.go
@@ -2,10 +2,34 @@ package main
 
 import (
 "crypto/tls"
+ "io"
 "log"
 "strings"
 )
 
+func writeTLSSupportedCipherStrings(w io.Writer, min uint16) error {
+ for _, c := range CipherSuites() {
+ var found bool
+
+ for _, v := range c.SupportedVersions {
+ if v >= min {
+ found = true
+ }
+ }
+
+ if !found {
+ continue
+ }
+
+ _, err := w.Write([]byte(c.Name + "\n"))
+ if err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
+
 // getTLSMinVersion converts a version string into a TLS version ID.
 func getTLSMinVersion(v string) uint16 {
 switch v {
diff --git a/webhook.go b/webhook.go
index 8d81b89..aedf7c5 100644
--- a/webhook.go
+++ b/webhook.go
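Review bot: The added `// go1.14` line above the two commented-out CHACHA20_POLY1305 entries does not say what the marker means or when the entries can be enabled, so the next reader has to guess. A fuller comment, e.g. `// The *_CHACHA20_POLY1305_SHA256 constant names exist only from Go 1.14; enable once that is the minimum toolchain (or use the pre-1.14 names tls.TLS_ECDHE_*_WITH_CHACHA20_POLY1305 now).`, records the intent and notes that the suites themselves are available under the older constant names, which would let them be offered without waiting. CipherSuites' body begins and ends outside the hunk.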
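Review bot: writeTLSSupportedCipherStrings is added without a doc comment, and its inner loop keeps scanning SupportedVersions after the first match; a `break` after `found = true` ends that scan, and the parameter named `min` shadows the builtin introduced in Go 1.21 (harmless on older toolchains, but `minVersion` avoids the clash). A comment of the form `// writeTLSSupportedCipherStrings writes to w, one name per line, every suite from CipherSuites() that supports some TLS version >= min.` states the contract; `io.WriteString(w, c.Name+"\n")` also avoids the []byte conversion. The fourth column of the CipherSuites table (false on every entry visible in cipher_suites.go) looks like an insecure marker; if so, the listing could print it next to the name so an operator composing a -cipher-suites value can see which suites are deprecated, though that inference is not confirmed by this hunk. The import block and getTLSMinVersion continue outside the hunk.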
@@ -40,6 +40,7 @@ var (
 cert = flag.String("cert", "cert.pem", "path to the HTTPS certificate pem file")
 key = flag.String("key", "key.pem", "path to the HTTPS certificate private key pem file")
 justDisplayVersion = flag.Bool("version", false, "display webhook version and quit")
+ justListCiphers = flag.Bool("list-cipher-suites", false, "list available TLS cipher suites")
 tlsMinVersion = flag.String("tls-min-version", "1.2", "minimum TLS version (1.0, 1.1, 1.2, 1.3)")
 tlsCipherSuites = flag.String("cipher-suites", "", "comma-separated list of supported TLS cipher suites")
@@ -82,6 +83,14 @@ func main() {
 os.Exit(0)
 }
 
+ if *justListCiphers {
+ err := writeTLSSupportedCipherStrings(os.Stdout, getTLSMinVersion(*tlsMinVersion))
+ if err != nil {
+ log.Fatal(err)
+ }
+ os.Exit(0)
+ }
+
 if len(hooksFiles) == 0 {
 hooksFiles = append(hooksFiles, "hooks.json")
 }
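Review bot: The help text `"list available TLS cipher suites"` on the new justListCiphers flag omits that the list is filtered by -tls-min-version (the second hunk passes getTLSMinVersion(*tlsMinVersion) to writeTLSSupportedCipherStrings) and that the process exits afterwards; `justListCiphers = flag.Bool("list-cipher-suites", false, "list the TLS cipher suites usable with -tls-min-version and exit")` states both. In the second hunk the listing is deliberately placed ahead of the hooks-file defaulting, which deserves a one-line why-comment such as `// Answer -list-cipher-suites before any hooks configuration is consulted.`. How getTLSMinVersion treats an unrecognised -tls-min-version value is not visible here, so whether an invalid value yields an empty or a full list cannot be judged from this hunk; main begins outside the hunk.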