diff --git a/doc/guide.html b/doc/guide.html
index bf51b3ac0..4efcc7a17 100644
--- a/doc/guide.html
+++ b/doc/guide.html
@@ -751,8 +751,14 @@ No unencrypted connections will be allowed.
You should also set the certfile option.
You can define a certificate file for a specific domain using the global option domain_certfile.
tls This option specifies that traffic on
-the port will be encrypted using SSL immediately after connecting. You
-should also set the certfile option.
+the port will be encrypted using SSL immediately after connecting.
+This was the traditional encryption method in the early Jabber software,
+commonly on port 5223 for client-to-server communications.
+But this method is nowadays deprecated and not recommended.
+The preferable encryption method is STARTTLS on port 5222, as defined
+RFC 3920: XMPP Core,
+which can be enabled in ejabberd with the option starttls.
+If this option is set, you should also set the certfile option.
web_admin This option
enables the Web Admin for ejabberd administration which is available
at http://server:port/admin/
. Login and password are the username and
@@ -762,7 +768,7 @@ password of one of the registered users who are granted access by the
option specifies that Zlib stream compression (as defined in XEP-0138)
is available on connections to the port. Client connections cannot use
stream compression and stream encryption simultaneously. Hence, if you
-specify both tls (or ssl) and zlib, the latter
+specify both starttls (or tls) and zlib, the latter
option will not affect connections (there will be no stream compression).
There are some additional global options that can be specified in the ejabberd configuration file (outside listen):
-
diff --git a/doc/guide.tex b/doc/guide.tex
index 5c7aa1027..9a00a964b 100644
--- a/doc/guide.tex
+++ b/doc/guide.tex
@@ -884,8 +884,14 @@ This is a detailed description of each option allowed by the listening modules:
You should also set the \option{certfile} option.
You can define a certificate file for a specific domain using the global option \option{domain\_certfile}.
\titem{tls} \ind{options!tls}\ind{TLS}This option specifies that traffic on
- the port will be encrypted using SSL immediately after connecting. You
- should also set the \option{certfile} option.
+ the port will be encrypted using SSL immediately after connecting.
+ This was the traditional encryption method in the early Jabber software,
+ commonly on port 5223 for client-to-server communications.
+ But this method is nowadays deprecated and not recommended.
+ The preferable encryption method is STARTTLS on port 5222, as defined
+ \footahref{http://www.xmpp.org/specs/rfc3920.html\#tls}{RFC 3920: XMPP Core},
+ which can be enabled in \ejabberd{} with the option \term{starttls}.
+ If this option is set, you should also set the \option{certfile} option.
\titem{web\_admin} \ind{options!web\_admin}\ind{web admin}This option
enables the Web Admin for \ejabberd{} administration which is available
at \verb|http://server:port/admin/|. Login and password are the username and
@@ -895,7 +901,7 @@ This is a detailed description of each option allowed by the listening modules:
option specifies that Zlib stream compression (as defined in \xepref{0138})
is available on connections to the port. Client connections cannot use
stream compression and stream encryption simultaneously. Hence, if you
- specify both \option{tls} (or \option{ssl}) and \option{zlib}, the latter
+ specify both \option{starttls} (or \option{tls}) and \option{zlib}, the latter
option will not affect connections (there will be no stream compression).
\end{description}