diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5 index 10fdd3a0b6..4c4321e3e8 100644 --- a/doc/man/man5/ldap.conf.5 +++ b/doc/man/man5/ldap.conf.5 @@ -399,8 +399,8 @@ The environment variable RANDFILE can also be used to specify the filename. This parameter is ignored with GnuTLS. .TP .B TLS_REQCERT -Specifies what checks to perform on server certificates in a TLS session, -if any. The +Specifies what checks to perform on server certificates in a TLS session. +The .B can be specified as one of the following keywords: .RS @@ -409,19 +409,17 @@ can be specified as one of the following keywords: The client will not request or check any server certificate. .TP .B allow -The server certificate is requested. If no certificate is provided, -the session proceeds normally. If a bad certificate is provided, it will +The server certificate is requested. If a bad certificate is provided, it will be ignored and the session proceeds normally. .TP .B try -The server certificate is requested. If no certificate is provided, -the session proceeds normally. If a bad certificate is provided, +The server certificate is requested. If a bad certificate is provided, the session is immediately terminated. .TP .B demand | hard -These keywords are equivalent. The server certificate is requested. If no -certificate is provided, or a bad certificate is provided, the session -is immediately terminated. This is the default setting. +These keywords are equivalent and the same as +.BR try . +This is the default setting. .RE .TP .B TLS_REQSAN
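Review bot: In the first hunk (@@ -399,8 +399,8 @@), dropping "if any" from the TLS_REQCERT introduction makes the sentence read as though some check is always performed, but the never keyword kept in the list below still says "The client will not request or check any server certificate." Consider keeping "if any", or adding a clause that never disables verification entirely, so a reader skimming the introduction does not assume every setting validates the server.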
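Review bot: In the second hunk (@@ -409,19 +409,17 @@), the demand | hard entry, which is the default, no longer states its own outcome and only points at try, and the "no certificate is provided" case is now undocumented for allow, try and demand alike. Since the default is the entry most readers will look up, spell the result out in place, e.g. "If a bad certificate is provided, the session is immediately terminated.", and add one sentence saying why the no-certificate case was dropped (for instance that it cannot occur for a server certificate, if that is the reason) so the removal does not read as a silent behavior change. With try and demand now described as identical, a short remark on why both keywords are retained would also help.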