From 197318f1abce2a439be2d3725dd9225773a6eb4d Mon Sep 17 00:00:00 2001
From: Edward Knyshov <edvorg@gmail.com>
Date: Sun, 12 Feb 2017 17:14:53 +0700
Subject: [PATCH] Updated Configure SSL (markdown)

---
 docs/content/config/security/ssl.md | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/docs/content/config/security/ssl.md b/docs/content/config/security/ssl.md
index c100732a..3a66df94 100644
--- a/docs/content/config/security/ssl.md
+++ b/docs/content/config/security/ssl.md
@@ -98,4 +98,21 @@ or
 
 And you should see the certificate chain, the server certificate and:
 
-    Verify return code: 0 (ok)
\ No newline at end of file
+    Verify return code: 0 (ok)
+
+### Plain text access
+
+Not recommended for purposes other than testing.
+
+Just add this to config/dovecot.cf:
+
+```
+ssl = yes
+disable_plaintext_auth=no
+```
+
+These options in conjunction mean:
+
+```
+ssl=yes and disable_plaintext_auth=no: SSL/TLS is offered to the client, but the client isn't required to use it. The client is allowed to login with plaintext authentication even when SSL/TLS isn't enabled on the connection. This is insecure, because the plaintext password is exposed to the internet.
+```
\ No newline at end of file