haproxytech
diff --git a/‎.aspell.yml‎
Lines changed: 1 addition & 0 deletions b/‎.aspell.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎config-parser/params/bind-options.go‎
Lines changed: 2 additions & 0 deletions b/‎config-parser/params/bind-options.go‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎config-parser/tests/bind_generated_test.go‎
Lines changed: 2 additions & 0 deletions b/‎config-parser/tests/bind_generated_test.go‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎config-parser/tests/configs/haproxy_generated.cfg.go‎
Lines changed: 6 additions & 0 deletions b/‎config-parser/tests/configs/haproxy_generated.cfg.go‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎config-parser/tests/integration/frontend_data_test.go‎
Lines changed: 8 additions & 0 deletions b/‎config-parser/tests/integration/frontend_data_test.go‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎config-parser/tests/integration/frontend_test.go‎
Lines changed: 2 additions & 0 deletions b/‎config-parser/tests/integration/frontend_test.go‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎config-parser/types/types.go‎
Lines changed: 2 additions & 0 deletions b/‎config-parser/types/types.go‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎configuration/bind.go‎
Lines changed: 20 additions & 4 deletions b/‎configuration/bind.go‎
Lines changed: 20 additions & 4 deletions
diff --git a/‎models/bind_params.go‎
Lines changed: 106 additions & 1 deletion b/‎models/bind_params.go‎
Lines changed: 106 additions & 1 deletion
diff --git a/‎models/bind_params_compare.go‎
Lines changed: 24 additions & 0 deletions b/‎models/bind_params_compare.go‎
Lines changed: 24 additions & 0 deletions
@@ -141,6 +141,7 @@ allowed:
   - scrollbar
   - scss
   - searchselect
+  - sni
   - spammy
   - ssl
   - sso
 
@@ -248,6 +248,7 @@ var bindOptionFactoryMethods = map[string]func() BindOption{ //nolint:gochecknog
 	"no-alpn":               func() BindOption { return &BindOptionWord{Name: "no-alpn"} },
 	"no-ca-names":           func() BindOption { return &BindOptionWord{Name: "no-ca-names"} },
 	"no-sslv3":              func() BindOption { return &BindOptionWord{Name: "no-sslv3"} },
+	"tls-tickets":           func() BindOption { return &BindOptionWord{Name: "tls-tickets"} },
 	"no-tls-tickets":        func() BindOption { return &BindOptionWord{Name: "no-tls-tickets"} },
 	"no-tlsv10":             func() BindOption { return &BindOptionWord{Name: "no-tlsv10"} },
 	"no-tlsv11":             func() BindOption { return &BindOptionWord{Name: "no-tlsv11"} },
@@ -256,6 +257,7 @@ var bindOptionFactoryMethods = map[string]func() BindOption{ //nolint:gochecknog
 	"prefer-client-ciphers": func() BindOption { return &BindOptionWord{Name: "prefer-client-ciphers"} },
 	"ssl":                   func() BindOption { return &BindOptionWord{Name: "ssl"} },
 	"strict-sni":            func() BindOption { return &BindOptionWord{Name: "strict-sni"} },
+	"no-strict-sni":         func() BindOption { return &BindOptionWord{Name: "no-strict-sni"} },
 	"tfo":                   func() BindOption { return &BindOptionWord{Name: "tfo"} },
 	"transparent":           func() BindOption { return &BindOptionWord{Name: "transparent"} },
 	"v4v6":                  func() BindOption { return &BindOptionWord{Name: "v4v6"} },
 
@@ -264,6 +264,8 @@ type ACL struct {
 //test:ok:bind :443 default-crt foobar.pem.rsa default-crt foobar.pem.ecdsa
 //test:ok:bind :443 idle-ping 10s
 //test:ok:bind :443 idle-ping 10
+//test:ok:bind :443 ssl tls-tickets
+//test:ok:bind :443 ssl no-strict-sni
 //test:fail:bind :443 idle-ping
 //test:fail:bind :443 user
 //test:fail:bind :443 user mode 600
 
@@ -279,10 +279,17 @@ func parseBindParams(bindOptions []params.BindOption) models.BindParams { //noli
 				b.NoCaNames = true
 			case "no-tls-tickets":
 				b.NoTLSTickets = true
+				b.TLSTickets = "disabled"
+			case "tls-tickets":
+				b.TLSTickets = "enabled"
 			case "prefer-client-ciphers":
 				b.PreferClientCiphers = true
 			case "strict-sni":
 				b.StrictSni = true
+				b.ForceStrictSni = "enabled"
+			case "no-strict-sni":
+				b.NoStrictSni = true
+				b.ForceStrictSni = "disabled"
 			case "tfo":
 				b.Tfo = true
 			case "v6only":
@@ -575,6 +582,13 @@ func serializeBindParams(b models.BindParams, path string, opt *options.Configur
 		b.NoTlsv13 {
 		options = append(options, &params.BindOptionWord{Name: "no-tlsv13"})
 	}
+	if b.TLSTickets == "disabled" ||
+		b.NoTLSTickets {
+		options = append(options, &params.BindOptionWord{Name: "no-tls-tickets"})
+	}
+	if b.TLSTickets == "disabled" {
+		options = append(options, &params.BindOptionWord{Name: "tls-tickets"})
+	}
 	if b.GenerateCertificates {
 		options = append(options, &params.BindOptionWord{Name: "generate-certificates"})
 	}
@@ -620,9 +634,6 @@ func serializeBindParams(b models.BindParams, path string, opt *options.Configur
 	if b.NoCaNames {
 		options = append(options, &params.BindOptionWord{Name: "no-ca-names"})
 	}
-	if b.NoTLSTickets {
-		options = append(options, &params.BindOptionWord{Name: "no-tls-tickets"})
-	}
 	if b.Npn != "" {
 		options = append(options, &params.BindOptionValue{Name: "npn", Value: b.Npn})
 	}
@@ -641,9 +652,14 @@ func serializeBindParams(b models.BindParams, path string, opt *options.Configur
 	if b.SslMinVer != "" {
 		options = append(options, &params.BindOptionValue{Name: "ssl-min-ver", Value: b.SslMinVer})
 	}
-	if b.StrictSni {
+	if b.ForceStrictSni == "enabled" ||
+		b.StrictSni {
 		options = append(options, &params.BindOptionWord{Name: "strict-sni"})
 	}
+	if b.ForceStrictSni == "disabled" ||
+		b.NoStrictSni {
+		options = append(options, &params.BindOptionWord{Name: "no-strict-sni"})
+	}
 	if b.Tfo {
 		options = append(options, &params.BindOptionWord{Name: "tfo"})
 	}