author | Matthew Holt <mholt@users.noreply.github.com> | 2019-05-29 23:11:46 -0600 |
---|---|---|
committer | Matthew Holt <mholt@users.noreply.github.com> | 2019-05-29 23:11:46 -0600 |
commit | 34399332354b5cbc742200ef11aa33f199ba6755 (patch) | |
tree | c35f022730e8a83ddddf3c99ebc9efc2bd5304d9 /modules/caddytls/connpolicy.go | |
parent | 1b6b422c638532d49e697242d9fcf1aa0c3fdc53 (diff) |
Implement session ticket keys; default STEK module with rotation
Diffstat (limited to 'modules/caddytls/connpolicy.go')
-rw-r--r-- | modules/caddytls/connpolicy.go | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go
index 3241d3c..006afe9 100644
--- a/modules/caddytls/connpolicy.go
+++ b/modules/caddytls/connpolicy.go
@@ -133,9 +133,21 @@ func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy2.Context) error {
 },
 MinVersion: tls.VersionTLS12,
 MaxVersion: tls.VersionTLS13,
- // TODO: Session ticket key rotation (use Storage)
 }
 
+ // session tickets support
+ cfg.SessionTicketsDisabled = tlsApp.SessionTickets.Disabled
+
+ // session ticket key rotation
+ tlsApp.SessionTickets.register(cfg)
+ ctx.OnCancel(func() {
+ // do cleanup when the context is cancelled because,
+ // though unlikely, it is possible that a context
+ // needing a TLS server config could exist for less
+ // than the lifetime of the whole app
+ tlsApp.SessionTickets.unregister(cfg)
+ })
+
 // add all the cipher suites in order, without duplicates
 cipherSuitesAdded := make(map[uint16]struct{})
 for _, csName := range p.CipherSuites { |
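Review bot: `tlsApp.SessionTickets.register(cfg)` and the matching `unregister` in the OnCancel callback run unconditionally, so a config whose `SessionTickets.Disabled` is true is still enrolled for key rotation even though `cfg.SessionTicketsDisabled` was just set from that same flag; if register installs ticket keys on cfg (its body is outside the hunk), that is wasted rotation work for a config that never issues tickets, and wrapping both calls in `if !tlsApp.SessionTickets.Disabled { ... }` keeps the rotation set limited to configs that actually use tickets. The new lines also assume `tlsApp.SessionTickets` is usable here; if it is a pointer that can be unset when no session-tickets block is configured, the nil case would need a default before the first dereference. buildStandardTLSConfig starts before the hunk and continues after it, so where tlsApp is obtained and whether cfg is further mutated after register is not visible.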