Diffstat (limited to 'doc/src/sgml/config.sgml')
-rw-r--r-- doc/src/sgml/config.sgml 26
1 files changed, 14 insertions, 12 deletions
diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
index 6fe27541cf2..faf858f04c9 100644
--- a/doc/src/sgml/config.sgml
+++ b/doc/src/sgml/config.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.278 2010/05/20 20:32:27 tgl Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.279 2010/05/26 23:49:18 tgl Exp $ -->
<chapter Id="runtime-config">
<title>Server Configuration</title>
@@ -590,7 +590,7 @@ SET ENABLE_SEQSCAN TO OFF;
</para>
</listitem>
</varlistentry>
-
+
<varlistentry id="guc-ssl" xreflabel="ssl">
<term><varname>ssl</varname> (<type>boolean</type>)</term>
<indexterm>
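Review bot: The only change in this hunk is the blank line before <varlistentry id="guc-ssl">, removed and re-added with no visible difference, so it is presumably a trailing-whitespace cleanup. It is unrelated to the renegotiation wording changed further down; consider dropping it or mentioning the whitespace cleanup in the commit message, so the hunk does not read as a content change to the ssl entry.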
@@ -614,20 +614,22 @@ SET ENABLE_SEQSCAN TO OFF;
</indexterm>
<listitem>
<para>
- Specifies how much data can flow over an <acronym>SSL</> encrypted connection
- before renegotiation of the session will take place. Renegotiation of the
- session decreases the chance of doing cryptanalysis when large amounts of data
- are sent, but it also carries a large performance penalty. The sum of
- sent and received traffic is used to check the limit. If the parameter is
- set to 0, renegotiation is disabled. The default is <literal>512MB</>.
+ Specifies how much data can flow over an <acronym>SSL</>-encrypted
+ connection before renegotiation of the session keys will take
+ place. Renegotiation decreases an attacker's chances of doing
+ cryptanalysis when large amounts of traffic can be examined, but it
+ also carries a large performance penalty. The sum of sent and received
+ traffic is used to check the limit. If this parameter is set to 0,
+ renegotiation is disabled. The default is <literal>512MB</>.
</para>
<note>
<para>
SSL libraries from before November 2009 are insecure when using SSL
- renegotiation, due to a vulnerability in the SSL protocol. As a stop-gap fix
- for this vulnerability, some vendors also shipped SSL libraries incapable
- of doing renegotiation. If any of these libraries are in use on the client
- or server, SSL renegotiation should be disabled.
+ renegotiation, due to a vulnerability in the SSL protocol. As a
+ stop-gap fix for this vulnerability, some vendors shipped SSL
+ libraries incapable of doing renegotiation. If any such libraries
+ are in use on the client or server, SSL renegotiation should be
+ disabled.
</para>
</note>
</listitem>
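Review bot: The closing sentence of the <note>, "SSL renegotiation should be disabled", does not say how; the mechanism ("set to 0") appears only in the paragraph above it. Suggest ending the note with something like "SSL renegotiation should be disabled by setting this parameter to 0". Two smaller points in the same note: "SSL libraries from before November 2009" identifies affected libraries by date alone, which is hard to check against a vendor-patched package, so a pointer to what the administrator should verify would help; and the note uses bare "SSL" where the paragraph above marks it up as <acronym>SSL</>.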