apache / couchdb

Seamless multi-master syncing database with an intuitive HTTP/JSON API, designed for reliability
https://couchdb.apache.org/
Apache License 2.0

allow further TLS configuration of clustered port #5212

Closed rnewson closed 3 weeks ago

rnewson commented 3 weeks ago

Overview

Allow configuration of signature algorithms and allowed ECC curves

Testing recommendations

Related Issues or Pull Requests

closes https://github.com/apache/couchdb/issues/5211

Checklist

big-r81 commented 3 weeks ago

@rnewson Should we add some sensitive and safe defaults in default.ini?

rnewson commented 3 weeks ago

No, I think let erlang/OTP version + mochiweb determine the default, and then a simple override.

We could submit a PR to mochiweb though, its defaults and notion of what is currently "safe" or not "broken" is quite out of date: https://github.com/mochi/mochiweb/blob/611254eb941e502227f221667389b98fd8e72d6f/src/mochiweb_socket.erl#L58

nsthakur7 commented 3 weeks ago

Thank you, Robert, for actioning the fix so quickly. Any clue when this fix will be released and which version(s) of CouchDB have this fix?