Document problem with NULL SSL ciphers and man-in-the-middle attacks.

author Bruce Momjian <[email protected]>

Sat, 29 Dec 2007 03:36:56 +0000 (03:36 +0000)

committer Bruce Momjian <[email protected]>

Sat, 29 Dec 2007 03:36:56 +0000 (03:36 +0000)
author Bruce Momjian <[email protected]>
Sat, 29 Dec 2007 03:36:56 +0000 (03:36 +0000)
committer Bruce Momjian <[email protected]>
Sat, 29 Dec 2007 03:36:56 +0000 (03:36 +0000)
diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml

index 1dba525d3cafd21932ce099d36682e3199a3f8e3..5ef91077bd000a02e670467f867082bfcf131a6b 100644 (file)
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -1604,7 +1604,10 @@ $ <userinput>kill -INT `head -1 /usr/local/pgsql/data/postmaster.pid`</userinput
     ciphers can be specified in the <productname>OpenSSL</productname>
     configuration file, you can specify ciphers specifically for use by
     the database server by modifying <xref linkend="guc-ssl-ciphers"> in
-   <filename>postgresql.conf</>.
+   <filename>postgresql.conf</>.  It is possible to allow authentication
+   without the overhead of encryption by using <literal>NULL-SHA</> or
+   <literal>NULL-MD5</> ciphers.  However, a man-in-the-middle could read
+   and pass communications between client and server.
    </para>
  
    <para>
author	Bruce Momjian <[email protected]>
	Sat, 29 Dec 2007 03:36:56 +0000 (03:36 +0000)
committer	Bruce Momjian <[email protected]>
	Sat, 29 Dec 2007 03:36:56 +0000 (03:36 +0000)