From 2d803f207c6a627f233e22f94e26b6247a611e2c Mon Sep 17 00:00:00 2001
From: Philip Henning
Date: Mon, 15 Jul 2019 14:41:04 +0200
Subject: [PATCH] Add ssl_session_tickets directive. (#145)
---
 README.md | 1 +
 defaults/main.yml | 1 +
 templates/http/default.conf.j2 | 3 +++
 3 files changed, 5 insertions(+)
diff --git a/README.md b/README.md
index 80b428b..89cb2f7 100644
--- a/README.md
+++ b/README.md
@@ -389,6 +389,7 @@ nginx_http_template:
 prefer_server_ciphers: true
 session_cache: none
 session_timeout: 5m
+ disable_session_tickets: false
 trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt
 stapling: true
 stapling_verify: true
diff --git a/defaults/main.yml b/defaults/main.yml
index 070d94b..54fc12a 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -201,6 +201,7 @@ nginx_http_template:
 prefer_server_ciphers: true
 session_cache: none
 session_timeout: 5m
+ disable_session_tickets: false
 trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt
 stapling: true
 stapling_verify: true
diff --git a/templates/http/default.conf.j2 b/templates/http/default.conf.j2
index 347dfb9..4b363a6 100644
--- a/templates/http/default.conf.j2
+++ b/templates/http/default.conf.j2
@@ -78,6 +78,9 @@ server {
 {% if item.value.ssl.session_timeout is defined and item.value.ssl.session_timeout %}
 ssl_session_timeout {{ item.value.ssl.session_timeout }};
 {% endif %}
+{% if item.value.ssl.disable_session_tickets is defined and item.value.ssl.disable_session_tickets %}
+ ssl_session_tickets off;
+{% endif %}
 {% if item.value.ssl.stapling is defined and item.value.ssl.stapling %}
 ssl_stapling on;
 {% endif %}
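Review bot: The added `disable_session_tickets: false` default in defaults/main.yml is undocumented and leaves TLS session tickets enabled even though the neighbouring `session_cache: none` already opts out of server-side resumption, so resumption stays available through tickets. With tickets on and no rotated ticket key configured, forward secrecy of TLS 1.2 sessions depends on how long the ticket key lives in the running nginx (presumably until the next restart or reload; worth confirming for the deployed version). I would add a comment above the key, e.g. `# true renders "ssl_session_tickets off;"; leave false only if ticket keys are rotated`, and consider `true` as the default. The enclosing mapping starts and ends outside the hunk, and the README hunk carries the same example value.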
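Review bot: The new `{% if ... disable_session_tickets %}` guard in templates/http/default.conf.j2 can only ever render `ssl_session_tickets off;`, so a server generated from this template cannot state `on` explicitly to override an `off` inherited from the http context, and the negated flag name reads opposite to the sibling `stapling` key, where true renders `on`. A positive key would cover both cases: keep the `is defined` test alone and render `ssl_session_tickets {{ 'on' if item.value.ssl.session_tickets else 'off' }};`. Because the directive lands inside one `server` block, it is also worth confirming with a test handshake that tickets are really withheld when other servers share the same listen socket. The `server` block itself starts and ends outside the hunk.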