From: Christos Tsantilas Date: Sat, 24 Jan 2015 05:07:58 +0000 (-0800) Subject: Add TLS/SSL option NO_TICKET to http[s]_port X-Git-Tag: SQUID_3_4_12~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=143409fcf6789afacfae75f5192c36e3addcc1bc;p=thirdparty%2Fsquid.git Add TLS/SSL option NO_TICKET to http[s]_port If this option is set the TLS ticket extension disabled. When TLS ticket extension is disabled squid is still able to use SSL shared sessions if this feature is not disabled. This is a Measurement Factory project
---
diff --git a/src/cf.data.pre b/src/cf.data.pre
index 77ed0097a3..2be97c4d73 100644
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -1734,6 +1734,7 @@ DOC_START NO_TLSv1_2 Disallow the use of TLSv1.2 SINGLE_DH_USE Always create a new key when using temporary/ephemeral DH key exchanges + NO_TICKET Disables TLS tickets extension ALL Enable various bug workarounds suggested as "harmless" by OpenSSL Be warned that this reduces SSL/TLS
diff --git a/src/ssl/support.cc b/src/ssl/support.cc
index e3cd327e31..561569f556 100644
--- a/src/ssl/support.cc
+++ b/src/ssl/support.cc
@@ -487,6 +487,11 @@ ssl_options[] = {
 {
 "No_Compression", SSL_OP_NO_COMPRESSION
 },
+#endif
+#if SSL_OP_NO_TICKET
+ {
+ "NO_TICKET", SSL_OP_NO_TICKET
+ },
 #endif
 {
 "", 0
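Review bot: The added guard `#if SSL_OP_NO_TICKET` in the ssl_options[] table tests the macro's value rather than its existence, so it only compiles while the macro expands to a plain integer constant. OpenSSL 3.0 and later define the SSL_OP_* flags through a cast expression, which the preprocessor cannot evaluate, and an undefined macro trips `-Wundef`; `#if defined(SSL_OP_NO_TICKET)` states what is meant. The `#endif` context line just above suggests the neighbouring entries use the same pattern, but the table begins and ends outside the hunk, so that would need checking before changing them together. It is also worth confirming that a build without the macro rejects `options=NO_TICKET` with an error rather than ignoring it, since an administrator who sets it expects session tickets to be off.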