ITS#5554

[openldap] / doc / guide / admin / tls.sdf

diff --git a/doc/guide/admin/tls.sdf b/doc/guide/admin/tls.sdf
index 9126e06ebea8d2ee58f351e05896b8d926e06c9c..a3b97f4fe93dec496f558846803e204d8dd73927 100644 (file)
--- a/doc/guide/admin/tls.sdf
+++ b/doc/guide/admin/tls.sdf
@@ -1,4 +1,5 @@
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP$
+# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: Using TLS
@@ -9,6 +10,8 @@ integrity and confidentiality protections and to support
 LDAP authentication using the {{TERM:SASL}} {{TERM:EXTERNAL}} mechanism. 
 TLS is defined in {{REF:RFC4346}}.
 
+Note: For generating certifcates, please reference {{URL:http://www.openldap.org/faq/data/cache/185.html}}
+
 H2: TLS Certificates
 
 TLS uses {{TERM:X.509}} certificates to carry client and server
@@ -110,6 +113,11 @@ specification for OpenSSL. You can use the command
 >      openssl ciphers -v ALL
 
 to obtain a verbose list of available cipher specifications.
+
+To obtain the list of ciphers in GNUtls use:
+
+>      gnutls-cli -l
+
 Besides the individual cipher names, the specifiers {{EX:HIGH}},
 {{EX:MEDIUM}}, {{EX:LOW}}, {{EX:EXPORT}}, and {{EX:EXPORT40}}
 may be helpful, along with {{EX:TLSv1}}, {{EX:SSLv3}},
@@ -178,7 +186,7 @@ be configured on a system-wide basis, they may all be overridden by
 individual users in their {{.ldaprc}} files.
 
 The LDAP Start TLS operation is used in LDAP to initiate TLS
-negotatation.  All OpenLDAP command line tools support a {{EX:-Z}}
+negotiation.  All OpenLDAP command line tools support a {{EX:-Z}}
 and {{EX:-ZZ}} flag to indicate whether a Start TLS operation is to
 be issued.  The latter flag indicates that the tool is to cease
 processing if TLS cannot be started while the former allows the