Add ssl_session_tickets and ssl_session_ticket_key parameters
This commit is contained in:
parent
36952873b9
commit
bef7b09f2e
2 changed files with 18 additions and 0 deletions
|
@ -79,6 +79,10 @@
|
||||||
# OCSP responses by the server. Defaults to false.
|
# OCSP responses by the server. Defaults to false.
|
||||||
# [*ssl_session_timeout*] - String: Specifies a time during which a client
|
# [*ssl_session_timeout*] - String: Specifies a time during which a client
|
||||||
# may reuse the session parameters stored in a cache. Defaults to 5m.
|
# may reuse the session parameters stored in a cache. Defaults to 5m.
|
||||||
|
# [*ssl_session_tickets*] - String: Enables or disables session resumption
|
||||||
|
# through TLS session tickets.
|
||||||
|
# [*ssl_session_ticket_key*] - String: Sets a file with the secret key used
|
||||||
|
# to encrypt and decrypt TLS session tickets.
|
||||||
# [*ssl_trusted_cert*] - String: Specifies a file with trusted CA
|
# [*ssl_trusted_cert*] - String: Specifies a file with trusted CA
|
||||||
# certificates in the PEM format used to verify client certificates and
|
# certificates in the PEM format used to verify client certificates and
|
||||||
# OCSP responses if ssl_stapling is enabled.
|
# OCSP responses if ssl_stapling is enabled.
|
||||||
|
@ -206,6 +210,8 @@ define nginx::resource::vhost (
|
||||||
$ssl_stapling_responder = undef,
|
$ssl_stapling_responder = undef,
|
||||||
$ssl_stapling_verify = false,
|
$ssl_stapling_verify = false,
|
||||||
$ssl_session_timeout = '5m',
|
$ssl_session_timeout = '5m',
|
||||||
|
$ssl_session_tickets = undef,
|
||||||
|
$ssl_session_ticket_key = undef,
|
||||||
$ssl_trusted_cert = undef,
|
$ssl_trusted_cert = undef,
|
||||||
$spdy = $::nginx::config::spdy,
|
$spdy = $::nginx::config::spdy,
|
||||||
$http2 = $::nginx::config::http2,
|
$http2 = $::nginx::config::http2,
|
||||||
|
@ -355,6 +361,12 @@ define nginx::resource::vhost (
|
||||||
}
|
}
|
||||||
validate_bool($ssl_stapling_verify)
|
validate_bool($ssl_stapling_verify)
|
||||||
validate_string($ssl_session_timeout)
|
validate_string($ssl_session_timeout)
|
||||||
|
if ($ssl_session_tickets) {
|
||||||
|
validate_string($ssl_session_tickets)
|
||||||
|
}
|
||||||
|
if ($ssl_session_ticket_key) {
|
||||||
|
validate_string($ssl_session_ticket_key)
|
||||||
|
}
|
||||||
if ($ssl_trusted_cert != undef) {
|
if ($ssl_trusted_cert != undef) {
|
||||||
validate_string($ssl_trusted_cert)
|
validate_string($ssl_trusted_cert)
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,6 +11,12 @@
|
||||||
<% end -%>
|
<% end -%>
|
||||||
ssl_session_cache <%= @ssl_cache %>;
|
ssl_session_cache <%= @ssl_cache %>;
|
||||||
ssl_session_timeout <%= @ssl_session_timeout %>;
|
ssl_session_timeout <%= @ssl_session_timeout %>;
|
||||||
|
<% if @ssl_session_tickets -%>
|
||||||
|
ssl_session_tickets <%= @ssl_session_tickets %>;
|
||||||
|
<% end -%>
|
||||||
|
<% if @ssl_session_ticket_key -%>
|
||||||
|
ssl_session_ticket_key <%= @ssl_session_ticket_key %>;
|
||||||
|
<% end -%>
|
||||||
<% if @ssl_buffer_size -%>
|
<% if @ssl_buffer_size -%>
|
||||||
ssl_buffer_size <%= @ssl_buffer_size %>;
|
ssl_buffer_size <%= @ssl_buffer_size %>;
|
||||||
<% end -%>
|
<% end -%>
|
||||||
|
|
Loading…
Reference in a new issue