diff --git a/website/source/docs/agent/encryption.html.markdown b/website/source/docs/agent/encryption.html.markdown
index 2a363a216e..2ff2b0f6af 100644
--- a/website/source/docs/agent/encryption.html.markdown
+++ b/website/source/docs/agent/encryption.html.markdown
@@ -71,9 +71,8 @@ present on all agents, set via the agent's `ca_file` option. All server nodes mu
 appropriate key pair set using `cert_file` and `key_file`.
 
 If `verify_incoming` is set, the servers verify the authenticity of all incoming
-connections. Servers will also disallow any non-TLS connections. All clients must have
-a valid key pair set using `cert_file` and `key_file`. To force clients to use TLS,
-`verify_outgoing` must also be set.
+connections. All clients must have a valid key pair set using `cert_file` and `key_file`. Servers will
+also disallow any non-TLS connections. To force clients to use TLS, `verify_outgoing` must also be set.
 
 TLS is used to secure the RPC calls between agents, but gossip between nodes is done over UDP
 and is secured using a symmetric key. See above for enabling gossip encryption.