diff options
| author | Yves-Alexis Perez <corsac@corsac.net> | 2017-11-21 10:22:31 +0100 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@corsac.net> | 2017-11-21 10:22:31 +0100 |
| commit | e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e (patch) | |
| tree | ae0c8b5f4cd8289d0797882ea18969f33ea59a1e /man | |
| parent | 11d6b62db969bdd808d0f56706cb18f113927a31 (diff) | |
| download | vyos-strongswan-e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e.tar.gz vyos-strongswan-e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e.zip | |
New upstream version 5.6.1
Diffstat (limited to 'man')
| -rw-r--r-- | man/Makefile.in | 2 | ||||
| -rw-r--r-- | man/ipsec.conf.5.in | 16 |
2 files changed, 13 insertions, 5 deletions
diff --git a/man/Makefile.in b/man/Makefile.in index 795505a14..9b793627d 100644 --- a/man/Makefile.in +++ b/man/Makefile.in @@ -197,9 +197,11 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +FUZZING_LDFLAGS = @FUZZING_LDFLAGS@ GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ +GPERF_LEN_TYPE = @GPERF_LEN_TYPE@ GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in index 69aeba8cb..774df75ac 100644 --- a/man/ipsec.conf.5.in +++ b/man/ipsec.conf.5.in @@ -631,6 +631,12 @@ constraint (without ike: prefix) will also apply to IKEv2 authentication, unless this is disabled in .BR strongswan.conf (5). +To use or require RSASSA-PSS signatures use rsa/pss instead of rsa as in e.g. +.BR ike:rsa/pss-sha256 . +If \fBpubkey\fR or \fBrsa\fR constraints are configured RSASSA-PSS signatures +will only be used/accepted if enabled in +.BR strongswan.conf (5). + For .BR eap , an optional EAP method can be appended. Currently defined methods are @@ -1031,8 +1037,8 @@ Relevant only locally, other end need not agree on it. Also see EXPIRY/REKEY below. .TP .BR mark " = <value>[/<mask>]" -sets an XFRM mark in the inbound and outbound -IPsec SAs and policies. If the mask is missing then a default +sets an XFRM mark on the inbound policy and outbound +IPsec SA and policy. If the mask is missing then a default mask of .B 0xffffffff is assumed. The special value @@ -1043,13 +1049,13 @@ make the mark unique for each IPsec SA direction (in/out) the special value may be used. .TP .BR mark_in " = <value>[/<mask>]" -sets an XFRM mark in the inbound IPsec SA and -policy. If the mask is missing then a default mask of +sets an XFRM mark on the inbound policy (not on the SA). If the mask is missing +then a default mask of .B 0xffffffff is assumed. .TP .BR mark_out " = <value>[/<mask>]" -sets an XFRM mark in the outbound IPsec SA and +sets an XFRM mark on the outbound IPsec SA and policy. If the mask is missing then a default mask of .B 0xffffffff is assumed. |