Add ssl_session_tickets and ssl_session_ticket_key parameters

This commit is contained in:
Iain Buclaw 2016-06-16 18:26:50 +02:00
parent 36952873b9
commit bef7b09f2e
No known key found for this signature in database
GPG key ID: 05DD6CBF1693E8E5
2 changed files with 18 additions and 0 deletions

View file

@ -79,6 +79,10 @@
# OCSP responses by the server. Defaults to false. # OCSP responses by the server. Defaults to false.
# [*ssl_session_timeout*] - String: Specifies a time during which a client # [*ssl_session_timeout*] - String: Specifies a time during which a client
# may reuse the session parameters stored in a cache. Defaults to 5m. # may reuse the session parameters stored in a cache. Defaults to 5m.
# [*ssl_session_tickets*] - String: Enables or disables session resumption
# through TLS session tickets.
# [*ssl_session_ticket_key*] - String: Sets a file with the secret key used
# to encrypt and decrypt TLS session tickets.
# [*ssl_trusted_cert*] - String: Specifies a file with trusted CA # [*ssl_trusted_cert*] - String: Specifies a file with trusted CA
# certificates in the PEM format used to verify client certificates and # certificates in the PEM format used to verify client certificates and
# OCSP responses if ssl_stapling is enabled. # OCSP responses if ssl_stapling is enabled.
@ -206,6 +210,8 @@ define nginx::resource::vhost (
$ssl_stapling_responder = undef, $ssl_stapling_responder = undef,
$ssl_stapling_verify = false, $ssl_stapling_verify = false,
$ssl_session_timeout = '5m', $ssl_session_timeout = '5m',
$ssl_session_tickets = undef,
$ssl_session_ticket_key = undef,
$ssl_trusted_cert = undef, $ssl_trusted_cert = undef,
$spdy = $::nginx::config::spdy, $spdy = $::nginx::config::spdy,
$http2 = $::nginx::config::http2, $http2 = $::nginx::config::http2,
@ -355,6 +361,12 @@ define nginx::resource::vhost (
} }
validate_bool($ssl_stapling_verify) validate_bool($ssl_stapling_verify)
validate_string($ssl_session_timeout) validate_string($ssl_session_timeout)
if ($ssl_session_tickets) {
validate_string($ssl_session_tickets)
}
if ($ssl_session_ticket_key) {
validate_string($ssl_session_ticket_key)
}
if ($ssl_trusted_cert != undef) { if ($ssl_trusted_cert != undef) {
validate_string($ssl_trusted_cert) validate_string($ssl_trusted_cert)
} }

View file

@ -11,6 +11,12 @@
<% end -%> <% end -%>
ssl_session_cache <%= @ssl_cache %>; ssl_session_cache <%= @ssl_cache %>;
ssl_session_timeout <%= @ssl_session_timeout %>; ssl_session_timeout <%= @ssl_session_timeout %>;
<% if @ssl_session_tickets -%>
ssl_session_tickets <%= @ssl_session_tickets %>;
<% end -%>
<% if @ssl_session_ticket_key -%>
ssl_session_ticket_key <%= @ssl_session_ticket_key %>;
<% end -%>
<% if @ssl_buffer_size -%> <% if @ssl_buffer_size -%>
ssl_buffer_size <%= @ssl_buffer_size %>; ssl_buffer_size <%= @ssl_buffer_size %>;
<% end -%> <% end -%>