Closed rnewson closed 3 weeks ago
@rnewson Should we add some sensitive and safe defaults in default.ini
?
No, I think let erlang/OTP version + mochiweb determine the default, and then a simple override.
We could submit a PR to mochiweb though, its defaults and notion of what is currently "safe" or not "broken" is quite out of date: https://github.com/mochi/mochiweb/blob/611254eb941e502227f221667389b98fd8e72d6f/src/mochiweb_socket.erl#L58
Thank you, Robert for actioning the fix so quickly. Any clue, when this fix will be released and which version(s) of couchDB have this fix?
Overview
Allow configuration of signature algorithms and allowed ECC curves
Testing recommendations
Related Issues or Pull Requests
closes https://github.com/apache/couchdb/issues/5211
Checklist
rel/overlay/etc/default.ini
src/docs
folder