.B TLSCipherSuite <cipher-suite-spec>
Permits configuring what ciphers will be accepted and the preference order.
<cipher-suite-spec> should be a cipher specification for the TLS library
-in use (OpenSSL, GnuTLS, or Mozilla NSS).
+in use (OpenSSL or GnuTLS).
This directive is not supported when using MbedTLS.
Example:
.RS
gnutls\-cli \-l
.fi
-When using Mozilla NSS, the OpenSSL cipher suite specifications are used and
-translated into the format used internally by Mozilla NSS. There isn't an easy
-way to list the cipher suites from the command line. The authoritative list
-is in the source code for Mozilla NSS in the file sslinfo.c in the structure
-.nf
- static const SSLCipherSuiteInfo suiteInfo[]
-.fi
.RE
.TP
.B TLSCACertificateFile <filename>
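Review bot: the deleted NSS paragraph carries its own `-.nf` / `-.fi` pair, so the enclosing `.RS` / `.RE` example block stays balanced and `.fi` is now followed directly by `.RE`. The `.nf` that must precede `gnutls\-cli \-l` lies outside the visible context; please confirm it survives, since a missing `.nf` would not produce an error but would leave the example filled as running text.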
certificates in separate individual files. Usually only one of this
or the TLSCACertificateFile is used. This directive is not supported
when using GnuTLS.
-
-When using Mozilla NSS, <path> may contain a Mozilla NSS cert/key
-database. If <path> contains a Mozilla NSS cert/key database and
-CA cert files, OpenLDAP will use the cert/key database and will
-ignore the CA cert files.
.TP
.B TLSCertificateFile <filename>
Specifies the file that contains the
.B lloadd
server certificate.
-
-When using Mozilla NSS, if using a cert/key database (specified with
-TLSCACertificatePath), TLSCertificateFile specifies
-the name of the certificate to use:
-.nf
- TLSCertificateFile Server-Cert
-.fi
-If using a token other than the internal built in token, specify the
-token name first, followed by a colon:
-.nf
- TLSCertificateFile my hardware device:Server-Cert
-.fi
-Use certutil \-L to list the certificates by name:
-.nf
- certutil \-d /path/to/certdbdir \-L
-.fi
.TP
.B TLSCertificateKeyFile <filename>
Specifies the file that contains the
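Review bot: each removed NSS paragraph starts with its own blank line (the bare `-` at the head of the deleted block), so the blank goes with the paragraph and no empty line is left immediately before the following `.TP`; the three `.nf` / `.fi` pairs in the TLSCertificateFile deletion are likewise dropped as complete pairs. After this change the TLSCACertificatePath and TLSCertificateFile entries describe plain files only, and the retained sentences ("certificates in separate individual files", "Specifies the file that contains the lloadd server certificate") need no further rewording.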
.B TLSCertificateFile
file. Currently, the private key must not be protected with a password, so
it is of critical importance that it is protected carefully.
-
-When using Mozilla NSS, TLSCertificateKeyFile specifies the name of
-a file that contains the password for the key for the certificate specified with
-TLSCertificateFile. The modutil command can be used to turn off password
-protection for the cert/key database. For example, if TLSCACertificatePath
-specifies /etc/openldap/certdb as the location of the cert/key database, use
-modutil to change the password to the empty string:
-.nf
- modutil \-dbdir /etc/openldap/certdb \-changepw 'NSS Certificate DB'
-.fi
-You must have the old password, if any. Ignore the WARNING about the running
-browser. Press 'Enter' for the new password.
.TP
.B TLSDHParamFile <filename>
This directive specifies the file that contains parameters for Diffie-Hellman
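Review bot: the surviving sentence "Currently, the private key must not be protected with a password, so it is of critical importance that it is protected carefully." now applies unconditionally, and the deleted modutil walkthrough was the only text on this page that discussed key-protection mechanics at all; consider replacing it with one sentence on what "protected carefully" means for a plain key file (owned by, and readable only by, the account lloadd runs as). The deleted text also hard-coded `/etc/openldap/certdb`; nothing in the retained lines depends on that path, so no replacement is needed.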
man-in-the-middle attacks.
You should append "!ADH" to your cipher suites to ensure that these suites
are not used.
-When using Mozilla NSS these parameters are always generated randomly
-so this directive is ignored.
This directive is not supported when using MbedTLS.
.TP
.B TLSECName <name>
Specify the name of a curve to use for Elliptic curve Diffie-Hellman
ephemeral key exchange. This is required to enable ECDHE algorithms in
OpenSSL. This option is not used with GnuTLS; the curves may be
-chosen in the GnuTLS ciphersuite specification. This option is also
-ignored for Mozilla NSS.
+chosen in the GnuTLS ciphersuite specification.
.TP
.B TLSProtocolMin <major>[.<minor>]
Specifies minimum SSL/TLS protocol version that will be negotiated.
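Review bot: the TLSECName entry, as rewritten by `+chosen in the GnuTLS ciphersuite specification.`, now documents only OpenSSL ("required to enable ECDHE algorithms in OpenSSL") and GnuTLS ("not used with GnuTLS") and says nothing about MbedTLS, whereas the neighbouring TLSDHParamFile entry keeps "This directive is not supported when using MbedTLS." The same gap appears in the other entries this patch rewrites to mention GnuTLS alone (TLSCACertificatePath, TLSRandFile, TLSCRLCheck, TLSCRLFile); since each of those lines is being edited anyway, stating the MbedTLS behaviour in each would keep the page consistent.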
Specifies the file to obtain random bits from when /dev/[u]random
is not available. Generally set to the name of the EGD/PRNGD socket.
The environment variable RANDFILE can also be used to specify the filename.
-This directive is ignored with GnuTLS and Mozilla NSS.
+This directive is ignored with GnuTLS.
.TP
.B TLSVerifyClient <level>
Specifies what checks to perform on client certificates in an
used to verify if the client certificates have not been revoked. This
requires
.B TLSCACertificatePath
-parameter to be set. This directive is ignored with GnuTLS and Mozilla NSS.
+parameter to be set. This directive is ignored with GnuTLS.
.B <level>
can be specified as one of the following keywords:
.RS
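Review bot: the sentence completed by `+parameter to be set. This directive is ignored with GnuTLS.` still reads "This requires TLSCACertificatePath parameter to be set"; since the line is being rewritten anyway, add the article ("This requires the .B TLSCACertificatePath parameter to be set"). The dependency itself is consistent with the rest of the page: TLSCACertificatePath is "not supported when using GnuTLS", so a GnuTLS build ignoring TLSCRLCheck follows directly.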
.B TLSCRLFile <filename>
Specifies a file containing a Certificate Revocation List to be used
for verifying that certificates have not been revoked. This directive is
-only valid when using GnuTLS and Mozilla NSS.
+only valid when using GnuTLS.
.SH BACKEND CONFIGURATION
Options in this section describe how the
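Review bot: `+only valid when using GnuTLS.` reads as though other backends reject TLSCRLFile, whereas its counterpart TLSCRLCheck uses "ignored with GnuTLS"; if OpenSSL merely ignores TLSCRLFile, "only used when using GnuTLS" would match that convention and avoid implying a configuration error. Please confirm which behaviour the OpenSSL path actually has before settling on the wording.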