From 15ff5401d1719aaf6c9a47e5abea517cc2bcbaf1 Mon Sep 17 00:00:00 2001 From: Michael Paquier Date: Fri, 25 Jun 2021 11:29:03 +0900 Subject: [PATCH] doc: Add acronyms for MITM and SNI This adds MITM and SNI as acronyms, as the documentation already had them marked up with . While on it, make sure to spell man-in-the-middle with dashes consistently, and add acronyms for those new terms where appropriate. Author: Daniel Gustafsson Reviewed-by: Michael Paquier Discussion: https://postgr.es/m/CE12DD5C-4BB3-4166-BC9A-39779568734C@yesql.se --- doc/src/sgml/acronyms.sgml | 23 +++++++++++++++++++++++ doc/src/sgml/config.sgml | 2 +- doc/src/sgml/libpq.sgml | 13 ++++++------- 3 files changed, 30 insertions(+), 8 deletions(-) diff --git a/doc/src/sgml/acronyms.sgml b/doc/src/sgml/acronyms.sgml index 13bd819eb1..9ed148ab84 100644 --- a/doc/src/sgml/acronyms.sgml +++ b/doc/src/sgml/acronyms.sgml @@ -410,6 +410,17 @@ + + MITM + + + + Man-in-the-middle attack + + + + MSVC @@ -590,6 +601,18 @@ + + SNI + + + + Server Name Indication, + RFC 6066 + + + + SPI diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml index f5a753e589..03b33cfb7e 100644 --- a/doc/src/sgml/config.sgml +++ b/doc/src/sgml/config.sgml @@ -1378,7 +1378,7 @@ include_dir 'conf.d' Disables anonymous cipher suites that do no authentication. Such - cipher suites are vulnerable to man-in-the-middle attacks and + cipher suites are vulnerable to MITM attacks and therefore should not be used. diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index 441cc0da3a..641970f2a6 100644 --- a/doc/src/sgml/libpq.sgml +++ b/doc/src/sgml/libpq.sgml 
@@ -1783,18 +1783,17 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname By default, libpq sets the TLS extension Server Name - Indication (SNI) on SSL-enabled connections. See RFC 6066 - for details. By setting this parameter to 0, this is turned off. + Indication (SNI) on SSL-enabled connections. + By setting this parameter to 0, this is turned off. The Server Name Indication can be used by SSL-aware proxies to route connections without having to decrypt the SSL stream. (Note that this requires a proxy that is aware of the PostgreSQL protocol handshake, - not just any SSL proxy.) However, SNI makes the destination host name - appear in cleartext in the network traffic, so it might be undesirable - in some cases. + not just any SSL proxy.) However, SNI makes the + destination host name appear in cleartext in the network traffic, so + it might be undesirable in some cases. @@ -8430,7 +8429,7 @@ ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*) - Man in the middle (MITM) + Man-in-the-middle (MITM) If a third party can modify the data while passing between the client and server, it can pretend to be the server and therefore see and
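Review bot: In the first acronyms.sgml hunk (@@ -410,6 +410,17 @@), the expansion "Man-in-the-middle attack" already contains the word "attack", so the config.sgml usage "MITM attacks" expands to "man-in-the-middle attack attacks". Consider defining the acronym as "Man-in-the-middle" only, which also matches the "Man-in-the-middle (MITM)" heading kept in libpq.sgml.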
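Review bot: In the config.sgml hunk (@@ -1378,7 +1378,7 @@), "vulnerable to MITM attacks" leaves this paragraph with no spelled-out form of the term, while the commit message only promises consistent hyphenation of "man-in-the-middle". This sentence is the reason given for not using anonymous cipher suites, so a reader who lands on it directly should not need the acronym list to understand it. Suggest "man-in-the-middle (MITM) attacks" here, mirroring the libpq.sgml wording.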
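Review bot: In the first libpq.sgml hunk (@@ -1783,18 +1783,17 @@), the sentence "See RFC 6066 for details." is dropped, which the commit message does not mention. After this change the RFC is named only in the new SNI entry in acronyms.sgml, and the parameter description that warns about the host name appearing in cleartext no longer points at the specification. Either keep the reference in this paragraph or state in the commit message that it moved to the acronym entry.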