Document problem with NULL SSL ciphers and man-in-the-middle attacks.

author Bruce Momjian <bruce@momjian.us>

Sat, 29 Dec 2007 03:36:56 +0000 (03:36 +0000)

committer Bruce Momjian <bruce@momjian.us>

Sat, 29 Dec 2007 03:36:56 +0000 (03:36 +0000)
author Bruce Momjian <bruce@momjian.us>
Sat, 29 Dec 2007 03:36:56 +0000 (03:36 +0000)
committer Bruce Momjian <bruce@momjian.us>
Sat, 29 Dec 2007 03:36:56 +0000 (03:36 +0000)
diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml

index 356a1d295c82157c13334f952662d0fec57149ca..166d86a623cb6a971a5b3a4cab4b9ba250dc1267 100644 (file)
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.397 2007/12/25 17:06:52 momjian Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.398 2007/12/29 03:36:56 momjian Exp $ -->
  
  <chapter Id="runtime">
   <title>Operating System Environment</title>
@@ -1604,7 +1604,10 @@ $ <userinput>kill -INT `head -1 /usr/local/pgsql/data/postmaster.pid`</userinput
     ciphers can be specified in the <productname>OpenSSL</productname>
     configuration file, you can specify ciphers specifically for use by
     the database server by modifying <xref linkend="guc-ssl-ciphers"> in
-   <filename>postgresql.conf</>.
+   <filename>postgresql.conf</>.  It is possible to allow authentication
+   without the overhead of encryption by using <literal>NULL-SHA</> or
+   <literal>NULL-MD5</> ciphers.  However, a man-in-the-middle could read
+   and pass communications between client and server.
    </para>
  
    <para>
author	Bruce Momjian <bruce@momjian.us>
	Sat, 29 Dec 2007 03:36:56 +0000 (03:36 +0000)
committer	Bruce Momjian <bruce@momjian.us>
	Sat, 29 Dec 2007 03:36:56 +0000 (03:36 +0000)