From 143409fcf6789afacfae75f5192c36e3addcc1bc Mon Sep 17 00:00:00 2001
From: Christos Tsantilas
Date: Fri, 23 Jan 2015 21:07:58 -0800
Subject: [PATCH] Add TLS/SSL option NO_TICKET to http[s]_port

If this option is set the TLS ticket extension disabled. When TLS ticket extension is disabled squid is still able to use SSL shared sessions if this feature is not disabled. This is a Measurement Factory project
---
 src/cf.data.pre | 1 +
 src/ssl/support.cc | 5 +++++
 2 files changed, 6 insertions(+)
diff --git a/src/cf.data.pre b/src/cf.data.pre
index 77ed0097a3..2be97c4d73 100644
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -1734,6 +1734,7 @@ DOC_START
 NO_TLSv1_2 Disallow the use of TLSv1.2 SINGLE_DH_USE Always create a new key when using temporary/ephemeral DH key exchanges
+ NO_TICKET Disables TLS tickets extension
 ALL Enable various bug workarounds suggested as "harmless" by OpenSSL Be warned that this reduces SSL/TLS
diff --git a/src/ssl/support.cc b/src/ssl/support.cc
index e3cd327e31..561569f556 100644
--- a/src/ssl/support.cc
+++ b/src/ssl/support.cc
@@ -487,6 +487,11 @@ ssl_options[] = {
 {
 "No_Compression", SSL_OP_NO_COMPRESSION
 },
+#endif
+#if SSL_OP_NO_TICKET
+ {
+ "NO_TICKET", SSL_OP_NO_TICKET
+ },
 #endif
 {
 "", 0
--
2.47.2
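Review bot: The new guard `#if SSL_OP_NO_TICKET` in the ssl_options[] table tests the macro's value rather than its presence, so it only works while the library defines the constant as a plain integer literal; a definition that uses a cast or an enum would make the directive fail to compile or evaluate to 0 and drop the entry. `#if defined(SSL_OP_NO_TICKET)` expresses the intent directly. Where the macro is absent the NO_TICKET keyword is simply not compiled in, and the options parser is outside this hunk, so it is worth confirming that an unrecognised name is rejected at startup rather than ignored, since operators will set this as a hardening option. The table and the guard that the leading `#endif` closes both start above the hunk and may follow the same `#if NAME` pattern.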