ssl session cache and timeout are now configurable.

2021-11-18 16:50:28 +01:00 · 2021-11-18 16:50:28 +01:00 · 7643a73a84
parent 32c68b3a66
commit 7643a73a84
2 changed files with 4 additions and 2 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -13,6 +13,8 @@ nginx_org_modules: []
 #    enabled: yes
 # See https://mozilla.github.io/server-side-tls/ssl-config-generator/
 nginx_ssl_level: intermediate
+nginx_ssl_session_cache_size: '10m'
+nginx_ssl_session_timeout: '120m'
 nginx_strict_transport_security_expire: 15768000
 nginx_strict_transport_security_include_subdomains: False

--- a/templates/nginx-server-ssl.conf.j2
+++ b/templates/nginx-server-ssl.conf.j2
@ -5,8 +5,8 @@ ssl_certificate_key {{ letsencrypt_acme_certs_dir }}/privkey;
 ssl_certificate {{ nginx_ssl_cert_file | default('/etc/nginx/ssl/server.crt') }};
 ssl_certificate_key {{ nginx_ssl_cert_key | default ('/etc/nginx/ssl/server.key') }};
 {% endif %}
-ssl_session_cache shared:SSL:10m;
-ssl_session_timeout 1d;
+ssl_session_cache shared:SSL:{{ nginx_ssl_session_cache_size }};
+ssl_session_timeout {{ nginx_ssl_session_timeout }};
 ssl_dhparam {{ pki_dir }}/nginx/dhparams.pem;
 {% if nginx_ssl_level == 'old' %}
 {% if ansible_distribution_version is version_compare('18.04', '>=') %}