authorMatthew Holt <mholt@users.noreply.github.com>2019-05-29 23:11:46 -0600
committerMatthew Holt <mholt@users.noreply.github.com>2019-05-29 23:11:46 -0600
commit34399332354b5cbc742200ef11aa33f199ba6755 (patch)
treec35f022730e8a83ddddf3c99ebc9efc2bd5304d9 /modules/caddytls/connpolicy.go
parent1b6b422c638532d49e697242d9fcf1aa0c3fdc53 (diff)
Implement session ticket keys; default STEK module with rotation
Diffstat (limited to 'modules/caddytls/connpolicy.go')
-rw-r--r--modules/caddytls/connpolicy.go14
1 files changed, 13 insertions, 1 deletions
diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go
index 3241d3c..006afe9 100644
--- a/modules/caddytls/connpolicy.go
+++ b/modules/caddytls/connpolicy.go
@@ -133,9 +133,21 @@ func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy2.Context) error {
},
MinVersion: tls.VersionTLS12,
MaxVersion: tls.VersionTLS13,
- // TODO: Session ticket key rotation (use Storage)
}
+ // session tickets support
+ cfg.SessionTicketsDisabled = tlsApp.SessionTickets.Disabled
+
+ // session ticket key rotation
+ tlsApp.SessionTickets.register(cfg)
+ ctx.OnCancel(func() {
+ // do cleanup when the context is cancelled because,
+ // though unlikely, it is possible that a context
+ // needing a TLS server config could exist for less
+ // than the lifetime of the whole app
+ tlsApp.SessionTickets.unregister(cfg)
+ })
+
// add all the cipher suites in order, without duplicates
cipherSuitesAdded := make(map[uint16]struct{})
for _, csName := range p.CipherSuites {