From bef7b09f2ea9e5410cfcd467d6fba78966237336 Mon Sep 17 00:00:00 2001
From: Iain Buclaw <iain.buclaw@sociomantic.com>
Date: Thu, 16 Jun 2016 18:26:50 +0200
Subject: [PATCH] Add ssl_session_tickets and ssl_session_ticket_key parameters

---
 manifests/resource/vhost.pp            | 12 ++++++++++++
 templates/vhost/vhost_ssl_settings.erb |  6 ++++++
 2 files changed, 18 insertions(+)

diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp
index ad37a09..14add66 100644
--- a/manifests/resource/vhost.pp
+++ b/manifests/resource/vhost.pp
@@ -79,6 +79,10 @@
 #     OCSP responses by the server. Defaults to false.
 #   [*ssl_session_timeout*] - String: Specifies a time during which a client
 #     may reuse the session parameters stored in a cache. Defaults to 5m.
+#   [*ssl_session_tickets*] - String: Enables or disables session resumption
+#     through TLS session tickets.
+#   [*ssl_session_ticket_key*] - String: Sets a file with the secret key used
+#     to encrypt and decrypt TLS session tickets.
 #   [*ssl_trusted_cert*]    - String: Specifies a file with trusted CA
 #     certificates in the PEM format used to verify client certificates and
 #     OCSP responses if ssl_stapling is enabled.
@@ -206,6 +210,8 @@ define nginx::resource::vhost (
   $ssl_stapling_responder       = undef,
   $ssl_stapling_verify          = false,
   $ssl_session_timeout          = '5m',
+  $ssl_session_tickets          = undef,
+  $ssl_session_ticket_key       = undef,
   $ssl_trusted_cert             = undef,
   $spdy                         = $::nginx::config::spdy,
   $http2                        = $::nginx::config::http2,
@@ -355,6 +361,12 @@ define nginx::resource::vhost (
   }
   validate_bool($ssl_stapling_verify)
   validate_string($ssl_session_timeout)
+  if ($ssl_session_tickets) {
+    validate_string($ssl_session_tickets)
+  }
+  if ($ssl_session_ticket_key) {
+    validate_string($ssl_session_ticket_key)
+  }
   if ($ssl_trusted_cert != undef) {
     validate_string($ssl_trusted_cert)
   }
diff --git a/templates/vhost/vhost_ssl_settings.erb b/templates/vhost/vhost_ssl_settings.erb
index a5d1863..9c621c0 100644
--- a/templates/vhost/vhost_ssl_settings.erb
+++ b/templates/vhost/vhost_ssl_settings.erb
@@ -11,6 +11,12 @@
 <% end -%>
   ssl_session_cache         <%= @ssl_cache %>;
   ssl_session_timeout       <%= @ssl_session_timeout %>;
+<% if @ssl_session_tickets -%>
+  ssl_session_tickets       <%= @ssl_session_tickets %>;
+<% end -%>
+<% if @ssl_session_ticket_key -%>
+  ssl_session_ticket_key    <%= @ssl_session_ticket_key %>;
+<% end -%>
 <% if @ssl_buffer_size -%>
   ssl_buffer_size           <%= @ssl_buffer_size %>;
 <% end -%>