TLS: document the update-ca-trust

en-US/Features-TLS.xml

@@ -281,16 +281,17 @@
 	<para>
 	  The client must configure the TLS library to use a set of
 	  trusted root certificates.  These certificates are provided
-	  by the system in <filename
-	  class="directory">/etc/ssl/certs</filename> or files derived
-	  from it.
+	  by the system in various formats and files. These are documented in <literal>update-ca-trust</literal>
+	  man page in Fedora. Portable applications should not hard-code
+	  any paths; they should rely on APIs which set the default
+	  for the system trust store.
 	</para>
       </listitem>
       <listitem>
 	<para>
 	  The client selects sufficiently strong cryptographic
 	  primitives and disables insecure ones (such as no-op
-	  encryption). Compression and SSL version 2 support must be
+	  encryption). Compression support and SSL version 3 or lower must be
 	  disabled (including the SSLv2-compatible handshake).
 	</para>
       </listitem>
@@ -546,7 +547,7 @@
 	linkend="ex-Defensive_Coding-TLS-GNUTLS-Disconnect"/>).
       </para>
       <example id="ex-Defensive_Coding-TLS-GNUTLS-Disconnect">
-	<title>Using a GNUTLS session</title>
+	<title>Closing a GNUTLS session in an orderly fashion</title>
 	<xi:include href="snippets/Features-TLS-GNUTLS-Disconnect.xml"
 		    xmlns:xi="http://www.w3.org/2001/XInclude" />
       </example>