1 files changed, 9 insertions, 9 deletions

diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index 7a685042f3..d2eb7befea 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -1109,9 +1109,9 @@ function SNICallback(servername, callback) {
 //
 //
 function normalizeConnectArgs(listArgs) {
-  var args = net._normalizeArgs(listArgs);
-  var options = args[0];
-  var cb = args[1];
+  const args = net._normalizeArgs(listArgs);
+  const options = args[0];
+  const cb = args[1];
 
   // If args[0] was options, then normalize dealt with it.
   // If args[0] is port, or args[0], args[1] is host, port, we need to
@@ -1119,12 +1119,12 @@ function normalizeConnectArgs(listArgs) {
   // the host/port/path args that it knows about, not the tls options.
   // This means that options.host overrides a host arg.
   if (listArgs[1] !== null && typeof listArgs[1] === 'object') {
-    util._extend(options, listArgs[1]);
+    Object.assign(options, listArgs[1]);
   } else if (listArgs[2] !== null && typeof listArgs[2] === 'object') {
-    util._extend(options, listArgs[2]);
+    Object.assign(options, listArgs[2]);
   }
 
-  return (cb) ? [options, cb] : [options];
+  return cb ? [options, cb] : [options];
 }
 
 function onConnectSecure() {
@@ -1205,14 +1205,14 @@ exports.connect = function connect(...args) {
                         'certificate verification.');
   }
 
-  var defaults = {
+  options = {
     rejectUnauthorized: !allowUnauthorized,
     ciphers: tls.DEFAULT_CIPHERS,
     checkServerIdentity: tls.checkServerIdentity,
-    minDHSize: 1024
+    minDHSize: 1024,
+    ...options
   };
 
-  options = util._extend(defaults, options || {});
   if (!options.keepAlive)
     options.singleUse = true;