Skip to content

Commit

Permalink
Merge pull request #821 from iain-buclaw-sociomantic/ssltickets
Browse files Browse the repository at this point in the history
Add ssl_session_tickets and ssl_session_ticket_key parameters
  • Loading branch information
3flex authored Jun 17, 2016
2 parents 3695287 + bef7b09 commit 4f91f7c
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 0 deletions.
12 changes: 12 additions & 0 deletions manifests/resource/vhost.pp
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,10 @@
# OCSP responses by the server. Defaults to false.
# [*ssl_session_timeout*] - String: Specifies a time during which a client
# may reuse the session parameters stored in a cache. Defaults to 5m.
# [*ssl_session_tickets*] - String: Enables or disables session resumption
# through TLS session tickets.
# [*ssl_session_ticket_key*] - String: Sets a file with the secret key used
# to encrypt and decrypt TLS session tickets.
# [*ssl_trusted_cert*] - String: Specifies a file with trusted CA
# certificates in the PEM format used to verify client certificates and
# OCSP responses if ssl_stapling is enabled.
Expand Down Expand Up @@ -206,6 +210,8 @@
$ssl_stapling_responder = undef,
$ssl_stapling_verify = false,
$ssl_session_timeout = '5m',
$ssl_session_tickets = undef,
$ssl_session_ticket_key = undef,
$ssl_trusted_cert = undef,
$spdy = $::nginx::config::spdy,
$http2 = $::nginx::config::http2,
Expand Down Expand Up @@ -355,6 +361,12 @@
}
validate_bool($ssl_stapling_verify)
validate_string($ssl_session_timeout)
if ($ssl_session_tickets) {
validate_string($ssl_session_tickets)
}
if ($ssl_session_ticket_key) {
validate_string($ssl_session_ticket_key)
}
if ($ssl_trusted_cert != undef) {
validate_string($ssl_trusted_cert)
}
Expand Down
6 changes: 6 additions & 0 deletions templates/vhost/vhost_ssl_settings.erb
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,12 @@
<% end -%>
ssl_session_cache <%= @ssl_cache %>;
ssl_session_timeout <%= @ssl_session_timeout %>;
<% if @ssl_session_tickets -%>
ssl_session_tickets <%= @ssl_session_tickets %>;
<% end -%>
<% if @ssl_session_ticket_key -%>
ssl_session_ticket_key <%= @ssl_session_ticket_key %>;
<% end -%>
<% if @ssl_buffer_size -%>
ssl_buffer_size <%= @ssl_buffer_size %>;
<% end -%>
Expand Down

0 comments on commit 4f91f7c

Please sign in to comment.