diff --git a/doc/man/man5/slapd.access.5 b/doc/man/man5/slapd.access.5
index a72e56db5c2f5340ff60227cbf7935610d287a88..f2d9f3b647f40b7e96ac46f7f400881e88036791 100644
--- a/doc/man/man5/slapd.access.5
+++ b/doc/man/man5/slapd.access.5
@@ -534,7 +534,8 @@ The statements
 .BR tls_ssf=<n> ,
 and
 .BR sasl_ssf=<n>
-set the required Security Strength Factor (ssf) required to grant access.
+set the minimum required Security Strength Factor (ssf) needed
+to grant access.  The value should be positive integer.
 .SH THE <ACCESS> FIELD
 The field
 .B <access> ::= [self]{<level>|<priv>}
diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5
index b4ed4ab3abefa4f9e1544a5ceb22777919b2499e..d0648d2a30f81346ce9b8858630a205dd4985f79 100644
--- a/doc/man/man5/slapd.conf.5
+++ b/doc/man/man5/slapd.conf.5
@@ -518,7 +518,7 @@ such as those to the ldapi:// listener.  For a description of SSF values,
 see 
 .BR sasl-secprops 's
 .B minssf
-property description.  The default is 71.
+option description.  The default is 71.
 .TP
 .B loglevel <integer> [...]
 Specify the level at which debugging statements and operation 
@@ -801,10 +801,11 @@ Specify the distinguished name for the subschema subentry that
 controls the entries on this server.  The default is "cn=Subschema".
 .TP
 .B security <factors>
-Specify a set of factors (separated by white space) to require.
-An integer value is associated with each factor and is roughly
-equivalent of the encryption key length to require.  A value
-of 112 is equivalent to 3DES, 128 to Blowfish, etc..
+Specify a set of security strength factors (separated by white space)
+to require (see
+.BR sasl-secprops 's
+.B minssf
+option for a description of security strength factors).
 The directive may be specified globally and/or per-database.
 .B ssf=<n>
 specifies the overall security strength factor.