ITS#9102 Update secprop documentation

d3fca136 · Ondřej Kuzník · f8414279 · d3fca136 · d3fca136 · d3fca136
Commit d3fca136 authored Feb 17, 2021 by Ondřej Kuzník
--- a/doc/guide/admin/access-control.sdf
+++ b/doc/guide/admin/access-control.sdf
@@ -1112,8 +1112,9 @@ You can restrict access based on the security strength factor (SSF)
 0 (zero) implies no protection,
 1 implies integrity protection only,
 56 DES or other weak ciphers,
-112 triple DES and other strong ciphers,
-128 RC4, Blowfish and other modern strong ciphers.
+112 triple DES and similar ciphers,
+128 RC4, Blowfish and other similar ciphers,
+256 modern ciphers.

 Other possibilities:


--- a/doc/man/man5/ldap.conf.5
+++ b/doc/man/man5/ldap.conf.5
@@ -265,11 +265,10 @@ mechanisms which can pass credentials to do so).
 .B minssf=<factor> 
 specifies the minimum acceptable
 .I security strength factor
-as an integer approximating the effective key length used for
+as an integer approximate to effective key length used for
 encryption.  0 (zero) implies no protection, 1 implies integrity
-protection only, 56 allows DES or other weak ciphers, 112
-allows triple DES and other strong ciphers, 128 allows RC4,
-Blowfish and other modern strong ciphers.  The default is 0.
+protection only, 128 allows RC4, Blowfish and other similar ciphers,
+256 will require modern ciphers.  The default is 0.
 .TP
 .B maxssf=<factor> 
 specifies the maximum acceptable

--- a/doc/man/man5/slapd-config.5
+++ b/doc/man/man5/slapd-config.5
@@ -773,9 +773,8 @@ property specifies the minimum acceptable
 .I security strength factor
 as an integer approximate to effective key length used for
 encryption.  0 (zero) implies no protection, 1 implies integrity
-protection only, 56 allows DES or other weak ciphers, 112
-allows triple DES and other strong ciphers, 128 allows RC4,
-Blowfish and other modern strong ciphers.  The default is 0.
+protection only, 128 allows RC4, Blowfish and other similar ciphers,
+256 will require modern ciphers.  The default is 0.
 The
 .B maxssf=<factor> 
 property specifies the maximum acceptable

--- a/doc/man/man5/slapd.conf.5
+++ b/doc/man/man5/slapd.conf.5
@@ -909,9 +909,8 @@ property specifies the minimum acceptable
 .I security strength factor
 as an integer approximate to effective key length used for
 encryption.  0 (zero) implies no protection, 1 implies integrity
-protection only, 56 allows DES or other weak ciphers, 112
-allows triple DES and other strong ciphers, 128 allows RC4,
-Blowfish and other modern strong ciphers.  The default is 0.
+protection only, 128 allows RC4, Blowfish and other similar ciphers,
+256 will require modern ciphers.  The default is 0.
 The
 .B maxssf=<factor> 
 property specifies the maximum acceptable