diff --git a/security-notes/OSSN-0045 b/security-notes/OSSN-0045
index 3f2c73a8..c2b64a3c 100644
--- a/security-notes/OSSN-0045
+++ b/security-notes/OSSN-0045
@@ -2,12 +2,13 @@ Vulnerable clients allow a TLS protocol downgrade (FREAK)
 ---
 
 ### Summary ###
-Some client-side libraries, including un-patched versions of OpenSSL, contain a
-vulnerability which can allow a man-in-the-middle (MITM) to force a TLS version
-downgrade. Even though this vulnerability exists in the client side, an attack
-known as FREAK is exploitable when TLS servers offer weak cipher choices. This
-security note provides guidance to mitigate the FREAK attack on the server side,
-so that TLS provides reasonable security for even un-patched clients.
+Some client-side libraries, including un-patched versions of OpenSSL,
+contain a vulnerability which can allow a man-in-the-middle (MITM) to
+force a TLS version downgrade. Even though this vulnerability exists in
+the client side, an attack known as FREAK is exploitable when TLS
+servers offer weak cipher choices. This security note provides guidance
+to mitigate the FREAK attack on the server side, so that TLS provides
+reasonable security for even un-patched clients.
 
 ### Affected Services / Software ###
 Any service using TLS. Depending on the backend TLS library, this
@@ -21,50 +22,54 @@ can include many components of an OpenStack cloud:
 - Miscellaneous services (eventlet, syslog, ldap, smtp, etc)
 
 ### Discussion ###
-TLS connections are established by a process known as a TLS handshake. During
-this process a client first sends a message to the server known as "HELLO",
-where among other things the client lists all of the TLS encryption ciphers it
-supports. In the next step, the server responds with its own "HELLO" packet, in
-which the server picks one of the cipher options the client offered. After this
-the client and server continue on to securely exchange a secret which becomes a
-master key.
+TLS connections are established by a process known as a TLS handshake.
+During this process a client first sends a message to the server known
+as "HELLO", where among other things the client lists all of the TLS
+encryption ciphers it supports. In the next step, the server responds
+with its own "HELLO" packet, in which the server picks one of the cipher
+options the client offered. After this the client and server continue on
+to securely exchange a secret which becomes a master key.
 
-The FREAK attack exploits a flaw in client logic in which vulnerable clients
-don't actually check that the cipher which was selected by the server was one
-they had offered in the first place. This creates the possibility that an
-attacker on the network somewhere between the client and server can alter the
-client's HELLO packet, removing all choices except for really weak ciphers known
-as "export grade ciphers". If the server supports these weak ciphers, it will
-(regretfully) chose it, as it appears that this is the only option that the
-client supports, and send it back in the server HELLO message.
+The FREAK attack exploits a flaw in client logic in which vulnerable
+clients don't actually check that the cipher which was selected by the
+server was one they had offered in the first place. This creates the
+possibility that an attacker on the network somewhere between the client
+and server can alter the client's HELLO packet, removing all choices
+except for really weak ciphers known as "export grade ciphers". If the
+server supports these weak ciphers, it will (regretfully) chose it, as
+it appears that this is the only option that the client supports, and
+send it back in the server HELLO message.
 
-Export grade ciphers are a legacy of a time when the US government prohibited
-the export of cryptographic ciphers which were stronger than 512 bits for
-asymmetric ciphers and 40 bits for symmetric ciphers. Today these ciphers are
-easily and quickly crackable using commodity hardware or cloud resources.
+Export grade ciphers are a legacy of a time when the US government
+prohibited the export of cryptographic ciphers which were stronger than
+512 bits for asymmetric ciphers and 40 bits for symmetric ciphers. Today
+these ciphers are easily and quickly crackable using commodity hardware
+or cloud resources.
 
 ### Recommended Actions ###
-Since this is a vulnerability in client logic, the best option is to ensure that
-all clients update to the latest version of the affected library. For more
-details about upgrading OpenSSL please see the link to the OpenSSL advisory in
-the "Further discussion" section below. Since it is unfeasible to assume that
-all clients have updated, we should also mitigate this on the TLS server-side.
+Since this is a vulnerability in client logic, the best option is to
+ensure that all clients update to the latest version of the affected
+library. For more details about upgrading OpenSSL please see the link to
+the OpenSSL advisory in the "Further discussion" section below. Since it
+is unfeasible to assume that all clients have updated, we should also
+mitigate this on the TLS server-side.
 
-To mitigate the FREAK attack on the server side, we need to remove support for
-any ciphers which are weak. This is to prevent a MITM from forcing the
-negotiation of a weak cipher. In particular we need to remove support for any
-export grade ciphers, which are especially weak.
+To mitigate the FREAK attack on the server side, we need to remove
+support for any ciphers which are weak. This is to prevent a MITM from
+forcing the negotiation of a weak cipher. In particular we need to
+remove support for any export grade ciphers, which are especially weak.
 
-The first step is to find what versions your TLS server currently supports.
-Two useful solutions exist for this: SSL Server Test at Qualys SSL Labs can be
-used to scan any web accessible endpoints, and SSLScan is a command line tool
-which attempts a TLS connection to a server with all possible cipher suites.
-Please see "tools" below for links to both.
+The first step is to find what versions your TLS server currently
+supports.  Two useful solutions exist for this: SSL Server Test at
+Qualys SSL Labs can be used to scan any web accessible endpoints, and
+SSLScan is a command line tool which attempts a TLS connection to a
+server with all possible cipher suites.  Please see "tools" below for
+links to both.
 
-The specific steps required to configure which cipher suites are supported in a
-TLS deployment depend on the software and configuration, and are beyond the
-scope of this note. Some good starting places are provided below in the section:
-"Resources for configuring TLS options".
+The specific steps required to configure which cipher suites are
+supported in a TLS deployment depend on the software and configuration,
+and are beyond the scope of this note. Some good starting places are
+provided below in the section: "Resources for configuring TLS options".
 
 ### Contacts / References ###
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0045