Document that null ciphers are not recommended.

author Bruce Momjian

Sat, 29 Dec 2007 04:27:02 +0000 (04:27 +0000)

committer Bruce Momjian

Sat, 29 Dec 2007 04:27:02 +0000 (04:27 +0000)
author Bruce Momjian
Sat, 29 Dec 2007 04:27:02 +0000 (04:27 +0000)
committer Bruce Momjian
Sat, 29 Dec 2007 04:27:02 +0000 (04:27 +0000)
diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml

index 81970540edd41db394f11c85a20c338eda36bbe9..af7a7cf06ed601c282f423b1ae79d82bd12cda24 100644 (file)
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -1,4 +1,4 @@
-
+
  
  
   Operating System Environment
@@ -1604,12 +1604,20 @@ $ kill -INT `head -1 /usr/local/pgsql/data/postmaster.pid`
     ciphers can be specified in the OpenSSL
     configuration file, you can specify ciphers specifically for use by
     the database server by modifying  in
-   postgresql    .conf.  It is possible to have authentication
-   without the overhead of encryption by using NULL-SHA or
-   NULL-MD5 ciphers.  However, a man-in-the-middle could read
-   and pass communications between client and server.
+   postgresql    .conf.
    
  
+  
+   
+    It is possible to have authentication without encryption overhead by
+    using NULL-SHA or NULL-MD5 ciphers.  However,
+    a man-in-the-middle could read and pass communications between client
+    and server.  Also, encryption overhead is minimal compared to the
+    overhead of authentication.  For these reasons NULL ciphers are not
+    recommended.
+   
+  
+
    
     To start in SSL mode, the files server.crt
     and server.key must exist in the server's data directory.
author	Bruce Momjian
	Sat, 29 Dec 2007 04:27:02 +0000 (04:27 +0000)
committer	Bruce Momjian
	Sat, 29 Dec 2007 04:27:02 +0000 (04:27 +0000)