commit 35fa40b94331016db2a48ca55df86586168dd047
author Ronny Berndt <ronny@apache.org> Thu Aug 25 20:43:10 2022 +0200
committer Ronny <ronny@apache.org> Fri Aug 26 18:38:04 2022 +0200
tree b838bfb1d4a876e3f91cbab2db71701f234b72e2
parent ad69df69c7b4911010b4aef88a69e8398cc7750c

Document new hash_algorithms config key

src/config/auth.rst

diff --git a/src/config/auth.rst b/src/config/auth.rst
index a1f393f..cb92f31 100644
--- a/src/config/auth.rst
+++ b/src/config/auth.rst
@@ -196,6 +196,33 @@
             [chttpd_auth]
             authentication_redirect = /_utils/session.html
 
+    .. config:option:: hash_algorithms :: Supported hash algorithms for cookie auth
+
+        .. versionadded:: 3.3
+
+        Sets the HMAC hash algorithm used for cookie authentication. You can provide a
+        comma-separated list of hash algorithms. New cookie sessions or
+        session updates are calculated with the first hash algorithm. All values in the
+        list can be used to decode the cookie session. ::
+
+            [chttpd_auth]
+            hash_algorithms = sha256, sha
+
+        .. note::
+            You can select any hash algorithm the version of erlang used in your CouchDB
+            install supports. The common list of available hashes might be: ::
+
+                sha, sha224, sha256, sha384, sha512
+
+            To retrieve a complete list of supported hash algorithms you can use our
+            ``bin/remsh`` script and retrieve a full list of available hash algorithms
+            with ``crypto:supports(hashs).``.
+
+        .. warning::
+            We do not recommend using the following hash algorithms: ::
+
+                md4, md5
+
     .. config:option:: iterations :: PBKDF2 iterations count
 
         .. versionadded:: 1.3