From fde0c763b6c1066d206dad3d09920e8e900f6f18 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 31 Oct 2017 14:20:28 +0100
Subject: auth-cfg: Add RSA/PSS schemes for pubkey and rsa if enabled in
 strongswan.conf

Also document the rsa/pss prefix.
---
 man/ipsec.conf.5.in | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'man/ipsec.conf.5.in')

diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in
index 85340f2da..774df75ac 100644
--- a/man/ipsec.conf.5.in
+++ b/man/ipsec.conf.5.in
@@ -631,6 +631,12 @@ constraint (without ike: prefix) will also apply to IKEv2 authentication, unless
 this is disabled in
 .BR strongswan.conf (5).
 
+To use or require RSASSA-PSS signatures use rsa/pss instead of rsa as in e.g.
+.BR ike:rsa/pss-sha256 .
+If \fBpubkey\fR or \fBrsa\fR constraints are configured RSASSA-PSS signatures
+will only be used/accepted if enabled in
+.BR strongswan.conf (5).
+
 For
 .BR eap ,
 an optional EAP method can be appended. Currently defined methods are
-- 
cgit v1.2.3