diff --git a/doc/guide/admin/appendix-contrib.sdf b/doc/guide/admin/appendix-contrib.sdf
index ddb33077bd..8b847023cd 100644
--- a/doc/guide/admin/appendix-contrib.sdf
+++ b/doc/guide/admin/appendix-contrib.sdf
@@ -50,7 +50,7 @@ Component Matching rules (RFC 3687).
 
 H3: denyop
 
-Deny selected operations, returning {unwillingToPerform}.
+Deny selected operations, returning {{unwillingToPerform}}.
 
 
 H3: dsaschema
@@ -86,7 +86,7 @@ Proxy Authorization compatibility with obsolete internet-draft.
 H3: smbk5pwd
 
 Make the PasswordModify Extended Operation update Kerberos
-keys and Samba password hashes as well as {userPassword}.
+keys and Samba password hashes as well as {{userPassword}}.
 
 
 H3: trace
@@ -96,7 +96,7 @@ Trace overlay invocation.
 
 H3: usn
 
-Maintain {usnCreated} and {usnChanged} attrs similar to Microsoft AD.
+Maintain {{usnCreated}} and {{usnChanged}} attrs similar to Microsoft AD.
 
 
 H2: Tools
diff --git a/doc/guide/admin/tls.sdf b/doc/guide/admin/tls.sdf
index 8098055417..a3b97f4fe9 100644
--- a/doc/guide/admin/tls.sdf
+++ b/doc/guide/admin/tls.sdf
@@ -113,6 +113,11 @@ specification for OpenSSL. You can use the command
 >	openssl ciphers -v ALL
 
 to obtain a verbose list of available cipher specifications.
+
+To obtain the list of ciphers in GNUtls use:
+
+>	gnutls-cli -l
+
 Besides the individual cipher names, the specifiers {{EX:HIGH}},
 {{EX:MEDIUM}}, {{EX:LOW}}, {{EX:EXPORT}}, and {{EX:EXPORT40}}
 may be helpful, along with {{EX:TLSv1}}, {{EX:SSLv3}},