diff options
| author | Yves-Alexis Perez <corsac@corsac.net> | 2017-11-21 10:22:31 +0100 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@corsac.net> | 2017-11-21 10:22:31 +0100 |
| commit | 6eb3bec5bee061bbb6a5c10f01d9737fb4597265 (patch) | |
| tree | c1d58904577a286f7788ab5d2a4f116b07163698 /man | |
| parent | 745cb3e75fbcd8bc70e8b5f55a91ae2c8a274688 (diff) | |
| parent | e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e (diff) | |
| download | vyos-strongswan-6eb3bec5bee061bbb6a5c10f01d9737fb4597265.tar.gz vyos-strongswan-6eb3bec5bee061bbb6a5c10f01d9737fb4597265.zip | |
Update upstream source from tag 'upstream/5.6.1'
Update to upstream version '5.6.1'
with Debian dir 3996fc7d7b19a96b252a7fcbac12c94452d1e7d7
Diffstat (limited to 'man')
| -rw-r--r-- | man/Makefile.in | 2 | ||||
| -rw-r--r-- | man/ipsec.conf.5.in | 16 |
2 files changed, 13 insertions, 5 deletions
diff --git a/man/Makefile.in b/man/Makefile.in index 795505a14..9b793627d 100644 --- a/man/Makefile.in +++ b/man/Makefile.in @@ -197,9 +197,11 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +FUZZING_LDFLAGS = @FUZZING_LDFLAGS@ GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ +GPERF_LEN_TYPE = @GPERF_LEN_TYPE@ GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in index 69aeba8cb..774df75ac 100644 --- a/man/ipsec.conf.5.in +++ b/man/ipsec.conf.5.in @@ -631,6 +631,12 @@ constraint (without ike: prefix) will also apply to IKEv2 authentication, unless this is disabled in .BR strongswan.conf (5). +To use or require RSASSA-PSS signatures use rsa/pss instead of rsa as in e.g. +.BR ike:rsa/pss-sha256 . +If \fBpubkey\fR or \fBrsa\fR constraints are configured RSASSA-PSS signatures +will only be used/accepted if enabled in +.BR strongswan.conf (5). + For .BR eap , an optional EAP method can be appended. Currently defined methods are @@ -1031,8 +1037,8 @@ Relevant only locally, other end need not agree on it. Also see EXPIRY/REKEY below. .TP .BR mark " = <value>[/<mask>]" -sets an XFRM mark in the inbound and outbound -IPsec SAs and policies. If the mask is missing then a default +sets an XFRM mark on the inbound policy and outbound +IPsec SA and policy. If the mask is missing then a default mask of .B 0xffffffff is assumed. The special value @@ -1043,13 +1049,13 @@ make the mark unique for each IPsec SA direction (in/out) the special value may be used. .TP .BR mark_in " = <value>[/<mask>]" -sets an XFRM mark in the inbound IPsec SA and -policy. If the mask is missing then a default mask of +sets an XFRM mark on the inbound policy (not on the SA). If the mask is missing +then a default mask of .B 0xffffffff is assumed. .TP .BR mark_out " = <value>[/<mask>]" -sets an XFRM mark in the outbound IPsec SA and +sets an XFRM mark on the outbound IPsec SA and policy. If the mask is missing then a default mask of .B 0xffffffff is assumed. |