------------------------------------------------------------ revno: 14036 revision-id: squid3@treenet.co.nz-20160420115648-4s96ckmajjgfkl66 parent: squid3@treenet.co.nz-20160420101406-ymt9nyc8gkd3nerv fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4495 committer: Amos Jeffries branch nick: 3.5 timestamp: Wed 2016-04-20 23:56:48 +1200 message: Bug 4495: Unknown SSL option SSL_OP_NO_TICKET ------------------------------------------------------------ # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: squid3@treenet.co.nz-20160420115648-4s96ckmajjgfkl66 # target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 # testament_sha1: 25ae11cda1b430cbe953251d70ad2e84629ab85d # timestamp: 2016-04-20 11:57:31 +0000 # source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 # base_revision_id: squid3@treenet.co.nz-20160420101406-\ # ymt9nyc8gkd3nerv # # Begin patch === modified file 'src/cf.data.pre' --- src/cf.data.pre 2016-02-15 13:58:48 +0000 +++ src/cf.data.pre 2016-04-20 11:56:48 +0000 @@ -2537,13 +2537,16 @@ NO_TLSv1 Disallow the use of TLSv1.0 NO_TLSv1_1 Disallow the use of TLSv1.1 NO_TLSv1_2 Disallow the use of TLSv1.2 + SINGLE_DH_USE Always create a new key when using temporary/ephemeral DH key exchanges - SSL_OP_NO_TICKET + + NO_TICKET Disable use of RFC5077 session tickets. Some servers may have problems understanding the TLS extension due to ambiguous specification in RFC4507. + ALL Enable various bug workarounds suggested as "harmless" by OpenSSL. Be warned that this may reduce SSL/TLS strength to some attacks. 
@@ -3273,9 +3276,16 @@ NO_TLSv1 Disallow the use of TLSv1.0 NO_TLSv1_1 Disallow the use of TLSv1.1 NO_TLSv1_2 Disallow the use of TLSv1.2 + SINGLE_DH_USE Always create a new key when using temporary/ephemeral DH key exchanges + + NO_TICKET + Disable use of RFC5077 session tickets. Some servers + may have problems understanding the TLS extension due + to ambiguous specification in RFC4507. + ALL Enable various bug workarounds suggested as "harmless" by OpenSSL Be warned that this reduces SSL/TLS
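Review bot: In the first src/cf.data.pre hunk (@@ -2537), the NO_TICKET description cites RFC5077 for session tickets and then attributes the interoperability problem to "ambiguous specification in RFC4507" without saying how the two documents relate. RFC 5077 obsoletes RFC 4507, so a short phrase such as "the earlier RFC4507" would make clear why both numbers appear. Because this entry previously documented the name SSL_OP_NO_TICKET, which the commit message says is reported as unknown, a release-note line telling administrators to replace that name with NO_TICKET in existing configurations would also be worth adding.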
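Review bot: In the second hunk (@@ -3273), the added NO_TICKET entry repeats the description from the first hunk word for word, so the two option lists now have to be kept in sync by hand, and the neighbouring ALL entry shows they have already drifted: the first list says "this may reduce SSL/TLS strength to some attacks" while this one says "this reduces SSL/TLS". Consider aligning the ALL wording in the same change, and adding the missing full stop after "by OpenSSL" in this list, so both sections give administrators the same statement about the risk of enabling the workarounds.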