Merge pull request voxpupuli#821 from iain-buclaw-sociomantic/ssltickets

Add ssl_session_tickets and ssl_session_ticket_key parameters
Slm0n87 · Jun 17, 2016 · 047f906 · 047f906
2 parents 51cb784 + 354e29d
commit 047f906
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 0 deletions.
diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp
@@ -79,6 +79,10 @@
 #     OCSP responses by the server. Defaults to false.
 #   [*ssl_session_timeout*] - String: Specifies a time during which a client
 #     may reuse the session parameters stored in a cache. Defaults to 5m.
+#   [*ssl_session_tickets*] - String: Enables or disables session resumption
+#     through TLS session tickets.
+#   [*ssl_session_ticket_key*] - String: Sets a file with the secret key used
+#     to encrypt and decrypt TLS session tickets.
 #   [*ssl_trusted_cert*]    - String: Specifies a file with trusted CA
 #     certificates in the PEM format used to verify client certificates and
 #     OCSP responses if ssl_stapling is enabled.
@@ -206,6 +210,8 @@
   $ssl_stapling_responder       = undef,
   $ssl_stapling_verify          = false,
   $ssl_session_timeout          = '5m',
+  $ssl_session_tickets          = undef,
+  $ssl_session_ticket_key       = undef,
   $ssl_trusted_cert             = undef,
   $spdy                         = $::nginx::config::spdy,
   $http2                        = $::nginx::config::http2,
@@ -355,6 +361,12 @@
   }
   validate_bool($ssl_stapling_verify)
   validate_string($ssl_session_timeout)
+  if ($ssl_session_tickets) {
+    validate_string($ssl_session_tickets)
+  }
+  if ($ssl_session_ticket_key) {
+    validate_string($ssl_session_ticket_key)
+  }
   if ($ssl_trusted_cert != undef) {
     validate_string($ssl_trusted_cert)
   }

diff --git a/templates/vhost/vhost_ssl_settings.erb b/templates/vhost/vhost_ssl_settings.erb
@@ -11,6 +11,12 @@
 <% end -%>
   ssl_session_cache         <%= @ssl_cache %>;
   ssl_session_timeout       <%= @ssl_session_timeout %>;
+<% if @ssl_session_tickets -%>
+  ssl_session_tickets       <%= @ssl_session_tickets %>;
+<% end -%>
+<% if @ssl_session_ticket_key -%>
+  ssl_session_ticket_key    <%= @ssl_session_ticket_key %>;
+<% end -%>
 <% if @ssl_buffer_size -%>
   ssl_buffer_size           <%= @ssl_buffer_size %>;
 <% end -%>