Document problem with NULL SSL ciphers and man-in-the-middle attacks.

400be4ef · Bruce Momjian · f5678e8e · 400be4ef
Commit 400be4ef authored Dec 29, 2007 by Bruce Momjian
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 2 deletions

doc/src/sgml/runtime.sgml doc/src/sgml/runtime.sgml +5 -2

No files found.
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
-<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.397 2007/12/25 17:06:52 momjian Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.398 2007/12/29 03:36:56 momjian Exp $ -->

 <chapter Id="runtime">
 <title>Operating System Environment</title>
@@ -1604,7 +1604,10 @@ $ <userinput>kill -INT `head -1 /usr/local/pgsql/data/postmaster.pid`</userinput
   ciphers can be specified in the <productname>OpenSSL</productname>
   configuration file, you can specify ciphers specifically for use by
   the database server by modifying <xref linkend="guc-ssl-ciphers"> in
-   <filename>postgresql.conf</>.
+   <filename>postgresql.conf</>.  It is possible to allow authentication
+   without the overhead of encryption by using <literal>NULL-SHA</> or
+   <literal>NULL-MD5</> ciphers.  However, a man-in-the-middle could read
+   and pass communications between client and server.
  </para>

  <para>