Clean up implementation for SSLOptions

[thirdparty/cups.git] / doc / help / man-cupsd.conf.html

diff --git a/doc/help/man-cupsd.conf.html b/doc/help/man-cupsd.conf.html
index 908234855edfe7bdab4bbedce2e77a35aa7f8633..1a22a8618d8557ebc636a98d56926c20d047b732 100644 (file)
--- a/doc/help/man-cupsd.conf.html
+++ b/doc/help/man-cupsd.conf.html
@@ -283,9 +283,9 @@ The default is "Minimal".
 <dd style="margin-left: 5.0em"><dt><b>SSLOptions None</b>
 <dd style="margin-left: 5.0em">Sets encryption options.
 By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
-The <i>AllowDH</i> option enables cipher suites using plain Diffie-Hellman key negotiation.
-The <i>AllowRC4</i> option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones.
-The <i>AllowSSL3</i> option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
+The <i>AllowDH</i> option enables cipher suites using the horribly insecure anonymous Diffie-Hellman key negotiation which is vulnerable to man-in-the-middle attacks.
+The <i>AllowRC4</i> option enables the insecure 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones.
+The <i>AllowSSL3</i> option enables the insecure SSL v3.0 protocol, which is required for some older clients that do not support TLS v1.0.
 The <i>DenyCBC</i> option disables all CBC cipher suites.
 The <i>DenyTLS1.0</i> option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1.
 <dt><a name="SSLPort"></a><b>SSLPort </b><i>port</i>