upstream: When signing certificates with an RSA key, default to

using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys
will therefore be incompatible with OpenSSH < 7.2 unless the default is
overridden.

Document the ability of the ssh-keygen -t flag to override the
signature algorithm when signing certificates, and the new default.

ok deraadt@

OpenBSD-Commit-ID: 400c9c15013978204c2cb80f294b03ae4cfc8b95

0 files changed, 0 insertions, 0 deletions