diff options
Diffstat (limited to 'man')
| -rw-r--r-- | man/Makefile.in | 2 | ||||
| -rw-r--r-- | man/ipsec.conf.5.in | 16 |
2 files changed, 13 insertions, 5 deletions
diff --git a/man/Makefile.in b/man/Makefile.in index 795505a14..9b793627d 100644 --- a/man/Makefile.in +++ b/man/Makefile.in @@ -197,9 +197,11 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +FUZZING_LDFLAGS = @FUZZING_LDFLAGS@ GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ +GPERF_LEN_TYPE = @GPERF_LEN_TYPE@ GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in index 69aeba8cb..774df75ac 100644 --- a/man/ipsec.conf.5.in +++ b/man/ipsec.conf.5.in @@ -631,6 +631,12 @@ constraint (without ike: prefix) will also apply to IKEv2 authentication, unless this is disabled in .BR strongswan.conf (5). +To use or require RSASSA-PSS signatures use rsa/pss instead of rsa as in e.g. +.BR ike:rsa/pss-sha256 . +If \fBpubkey\fR or \fBrsa\fR constraints are configured RSASSA-PSS signatures +will only be used/accepted if enabled in +.BR strongswan.conf (5). + For .BR eap , an optional EAP method can be appended. Currently defined methods are @@ -1031,8 +1037,8 @@ Relevant only locally, other end need not agree on it. Also see EXPIRY/REKEY below. .TP .BR mark " = <value>[/<mask>]" -sets an XFRM mark in the inbound and outbound -IPsec SAs and policies. If the mask is missing then a default +sets an XFRM mark on the inbound policy and outbound +IPsec SA and policy. If the mask is missing then a default mask of .B 0xffffffff is assumed. The special value @@ -1043,13 +1049,13 @@ make the mark unique for each IPsec SA direction (in/out) the special value may be used. .TP .BR mark_in " = <value>[/<mask>]" -sets an XFRM mark in the inbound IPsec SA and -policy. If the mask is missing then a default mask of +sets an XFRM mark on the inbound policy (not on the SA). If the mask is missing +then a default mask of .B 0xffffffff is assumed. .TP .BR mark_out " = <value>[/<mask>]" -sets an XFRM mark in the outbound IPsec SA and +sets an XFRM mark on the outbound IPsec SA and policy. If the mask is missing then a default mask of .B 0xffffffff is assumed. |