SSL_OP_NO_TICKET SSL option to http[s]_port

If this option is set the TLS ticket extension disabled.

When TLS ticket extension is disabled squid is still able to use SSL shared
sessions if this feature is not disabled.

This is a Measurement Factory project

diff --git a/src/cf.data.pre b/src/cf.data.pre
index 21d149dc2bf51ebcabe66d4887db93bcf4b064dc..322f0918db71129d929879c2c8fddeb174a7c792 100644 (file)
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -1808,6 +1808,7 @@ DOC_START
                            NO_TLSv1_2  Disallow the use of TLSv1.2
                            SINGLE_DH_USE Always create a new key when using
                                      temporary/ephemeral DH key exchanges
+                           SSL_OP_NO_TICKET Disables TLS tickets extension
                            ALL       Enable various bug workarounds
                                      suggested as "harmless" by OpenSSL
                                      Be warned that this reduces SSL/TLS

diff --git a/src/ssl/support.cc b/src/ssl/support.cc
index 7af1dbbe413046678830a11385cd7e278a6a4173..f174090b309ea149f46dcea75df5312d559a8817 100644 (file)
--- a/src/ssl/support.cc
+++ b/src/ssl/support.cc
@@ -457,6 +457,11 @@ ssl_options[] = {
     {
         "No_Compression", SSL_OP_NO_COMPRESSION
     },
+#endif
+#if SSL_OP_NO_TICKET
+    {
+        "SSL_OP_NO_TICKET", SSL_OP_NO_TICKET
+    },
 #endif
     {
         "", 0