Add TLS/SSL option NO_TICKET to http[s]_port
authorChristos Tsantilas <chtsanti@users.sourceforge.net>
Sat, 24 Jan 2015 05:07:58 +0000 (21:07 -0800)
committerAmos Jeffries <squid3@treenet.co.nz>
Sat, 24 Jan 2015 05:07:58 +0000 (21:07 -0800)
If this option is set, the TLS ticket extension is disabled.

When TLS ticket extension is disabled squid is still able to use SSL shared
sessions if this feature is not disabled.

This is a Measurement Factory project

src/cf.data.pre
src/ssl/support.cc

index 77ed0097a3df966569fe042c653c269cd8eced10..2be97c4d73f94fff93cd7bb2b15cf7bf9fe4b4ac 100644 (file)
@@ -1734,6 +1734,7 @@ DOC_START
                            NO_TLSv1_2  Disallow the use of TLSv1.2
                            SINGLE_DH_USE Always create a new key when using
                                      temporary/ephemeral DH key exchanges
+                           NO_TICKET Disables TLS tickets extension
                            ALL       Enable various bug workarounds
                                      suggested as "harmless" by OpenSSL
                                      Be warned that this reduces SSL/TLS
index e3cd327e31dc33c6024810320b75c35d908aef8d..561569f556dde4f93c0dcaacaeb6e3f183e1843f 100644 (file)
@@ -487,6 +487,11 @@ ssl_options[] = {
     {
         "No_Compression", SSL_OP_NO_COMPRESSION
     },
+#endif
+#if SSL_OP_NO_TICKET
+    {
+        "NO_TICKET", SSL_OP_NO_TICKET
+    },
 #endif
     {
         "", 0
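Review bot: The guard `#if SSL_OP_NO_TICKET` tests the macro's value rather than its presence, so it only preprocesses cleanly while the OpenSSL headers define the constant as a plain integer literal; headers that build the SSL_OP_* options from a cast expression (OpenSSL 3.0 does) break a value test like this one. `#if defined(SSL_OP_NO_TICKET)` states the intent and works with either form. When the macro is missing, the "NO_TICKET" row is compiled out without explanation, so a short comment above the guard, for example `// not provided by older OpenSSL; the NO_TICKET name is then absent from this table`, would help an administrator who depends on the option to keep ticket-based resumption off. The ssl_options[] table starts before and ends after this hunk, so how the parser treats a name missing from the table is not visible here and should be confirmed.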