Add ssl_session_tickets and ssl_session_ticket_key parameters

2016-06-16 18:26:50 +02:00 · 2016-06-16 18:26:50 +02:00 · bef7b09f2e
commit bef7b09f2e
parent 36952873b9
2 changed files with 18 additions and 0 deletions
--- a/manifests/resource/vhost.pp
+++ b/manifests/resource/vhost.pp
@ -79,6 +79,10 @@
 #     OCSP responses by the server. Defaults to false.
 #   [*ssl_session_timeout*] - String: Specifies a time during which a client
 #     may reuse the session parameters stored in a cache. Defaults to 5m.
+#   [*ssl_session_tickets*] - String: Enables or disables session resumption
+#     through TLS session tickets.
+#   [*ssl_session_ticket_key*] - String: Sets a file with the secret key used
+#     to encrypt and decrypt TLS session tickets.
 #   [*ssl_trusted_cert*]    - String: Specifies a file with trusted CA
 #     certificates in the PEM format used to verify client certificates and
 #     OCSP responses if ssl_stapling is enabled.
@ -206,6 +210,8 @@ define nginx::resource::vhost (
  $ssl_stapling_responder       = undef,
  $ssl_stapling_verify          = false,
  $ssl_session_timeout          = '5m',
+  $ssl_session_tickets          = undef,
+  $ssl_session_ticket_key       = undef,
  $ssl_trusted_cert             = undef,
  $spdy                         = $::nginx::config::spdy,
  $http2                        = $::nginx::config::http2,
@ -355,6 +361,12 @@ define nginx::resource::vhost (
  }
  validate_bool($ssl_stapling_verify)
  validate_string($ssl_session_timeout)
+  if ($ssl_session_tickets) {
+    validate_string($ssl_session_tickets)
+  }
+  if ($ssl_session_ticket_key) {
+    validate_string($ssl_session_ticket_key)
+  }
  if ($ssl_trusted_cert != undef) {
    validate_string($ssl_trusted_cert)
  }
--- a/templates/vhost/vhost_ssl_settings.erb
+++ b/templates/vhost/vhost_ssl_settings.erb
@ -11,6 +11,12 @@
 <% end -%>
  ssl_session_cache         <%= @ssl_cache %>;
  ssl_session_timeout       <%= @ssl_session_timeout %>;
+<% if @ssl_session_tickets -%>
+  ssl_session_tickets       <%= @ssl_session_tickets %>;
+<% end -%>
+<% if @ssl_session_ticket_key -%>
+  ssl_session_ticket_key    <%= @ssl_session_ticket_key %>;
+<% end -%>
 <% if @ssl_buffer_size -%>
  ssl_buffer_size           <%= @ssl_buffer_size %>;
 <% end -%>