tls: docs cleanup

docs/plugins/tls.md

@@ -38,6 +38,8 @@ be the same as the contents of your `config/me` file.
 
 ## Configuration
 
+The following settings can be specified in config/tls.ini.
+
 ### `no_tls_hosts`
 
 If needed, add this section to the tls.ini file and list any IPs that have
@@ -47,28 +49,25 @@ broken TLS. Ex:
     192.168.1.3=true
 
 
-The following settings can be specified in config/tls.ini. The
-[Node.js TLS](http://nodejs.org/api/tls.html) page has additional information
-about these options.
-
-### requestCert
+The [Node.js TLS](http://nodejs.org/api/tls.html) page has additional information
+about the following options.
 
-Whether a server should request a certificate from a connecting client. Only
-applies to server connections.
+### ciphers
 
-    `requestCert=[true|false]`  (default: true)
+A list of allowable ciphers to use.
 
-### rejectUnauthorized
+    `ciphers=...`
 
-Emits an 'error' event when certificate verification fails.
+See also: [Strong SSL Ciphers](http://cipherli.st) and the [SSLlabs Test Page](https://www.ssllabs.com/ssltest/index.html)
 
-    `rejectUnauthorized=[true|false]`  (default: false)
+### requestCert
 
-### ciphers
+Whether Haraka should request a certificate from a connecting client.
 
-A list of allowable ciphers to use.
+    `requestCert=[true|false]`  (default: true)
 
-    `ciphers=...`
+### rejectUnauthorized
 
-See also: [Strong SSL Ciphers](http://cipherli.st) and the [SSLlabs Test Page](https://www.ssllabs.com/ssltest/index.html)
+Reject connections from clients without a CA validated TLS certificate.
 
+    `rejectUnauthorized=[true|false]`  (default: false)