diff options
Diffstat (limited to 'src/swanctl/swanctl.opt')
| -rw-r--r-- | src/swanctl/swanctl.opt | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt index 2dd9ea374..5675b31ca 100644 --- a/src/swanctl/swanctl.opt +++ b/src/swanctl/swanctl.opt @@ -587,8 +587,9 @@ connections.<conn>.remote<suffix>.auth = pubkey key type followed by the minimum strength in bits (for example _ecdsa-384_ or _rsa-2048-ecdsa-256_). To limit the acceptable set of hashing algorithms for trustchain validation, append hash algorithms to _pubkey_ or a key - strength definition (for example _pubkey-sha1-sha256_ or - _rsa-2048-ecdsa-256-sha256-sha384-sha512_). + strength definition (for example _pubkey-sha256-sha512_, + _rsa-2048-sha256-sha384-sha512_ or + _rsa-2048-sha256-ecdsa-256-sha256-sha384_). Unless disabled in **strongswan.conf**(5), or explicit IKEv2 signature constraints are configured (refer to the description of the **local** section's **auth** keyword for details), such key types and hash algorithms |