conf/ssl/ticket_keys

Configuration for SSL ticket encryption keys when managed externally via the ssl/ticket_keys REST API endpoints.

Key

Description

algorithm

The algorithm used to encrypt session tickets. The algorithm determines the length of the key that must be provided.

Value type: enumeration

Default value: "aes_256_cbc_hmac_sha256"

Permitted values:

aes_256_cbc_hmac_sha256: AES-256 CBC with HMAC-SHA256. Requires a total of 64 bytes of key material.

id

A 16-byte key identifier, with each byte encoded as two hexadecimal digits. Key identifiers are transmitted in plaintext at the beginning of a TLS session ticket, and are used to identify the ticket encryption key that was used to encrypt a ticket. (They correspond to the 'key_name' field in RFC 5077.) They are required to be unique across the set of SSL ticket encryption keys.

Value type: string

Default value: <none>

key

The session ticket encryption key, with each byte encoded as two hexadecimal digits. The required key length is determined by the chosen key algorithm. See the documentation for the 'algorithm' field for more details.

Value type: password

Default value: <none>

validity_end

The latest time at which this key may be used to encrypt new session tickets. Given as number of seconds since the epoch (1970-01-01T00:00:00Z).

Value type: seconds

Default value: <none>

validity_start

The earliest time at which this key may be used to encrypt new session tickets. Given as number of seconds since the epoch (1970-01-01T00:00:00Z).

Value type: seconds

Default value: <none>
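As an added example that is not part of this reference page or the product's own tooling, the following Python script generates ticket key entries in the shape described above (a 16-byte id as 32 hex digits, 64 bytes of key material as 128 hex digits for aes_256_cbc_hmac_sha256, validity_start/validity_end as integer epoch seconds), validates a set of entries for the constraints the page states (id uniqueness, key length matching the algorithm, a start that precedes the end), and lays out overlapping validity windows for rotation. The helper names, the 32+32 byte split of the key material, and the rule that the key with the latest validity_start wins when windows overlap are assumptions for illustration; the page does not specify either of the last two.

```python
import re
import secrets

# Key material length (bytes) required by each permitted 'algorithm' value, per the page.
KEY_BYTES_BY_ALGORITHM = {
    # 64 bytes total; treating it as a 32-byte AES-256 key plus a 32-byte HMAC-SHA256
    # key is an assumption, the page only states the total.
    "aes_256_cbc_hmac_sha256": 64,
}
ID_BYTES = 16  # key identifier length (the RFC 5077 key_name)


def _is_hex_of_length(value, nbytes):
    """True if 'value' is exactly nbytes encoded as two hex digits per byte."""
    return isinstance(value, str) and re.fullmatch(r"[0-9a-fA-F]{%d}" % (2 * nbytes), value) is not None


def generate_ticket_key(validity_start, lifetime_seconds, algorithm="aes_256_cbc_hmac_sha256"):
    """Build one ticket key entry with fresh random id and key material (hypothetical helper)."""
    key_len = KEY_BYTES_BY_ALGORITHM[algorithm]
    return {
        "algorithm": algorithm,
        "id": secrets.token_hex(ID_BYTES),        # 32 hex digits
        "key": secrets.token_hex(key_len),        # 128 hex digits for aes_256_cbc_hmac_sha256
        "validity_start": int(validity_start),    # seconds since 1970-01-01T00:00:00Z
        "validity_end": int(validity_start + lifetime_seconds),
    }


def validate_ticket_keys(keys):
    """Return a list of problems (empty list means the set is acceptable)."""
    problems = []
    seen_ids = set()
    for n, entry in enumerate(keys):
        where = "entry %d" % n
        alg = entry.get("algorithm", "aes_256_cbc_hmac_sha256")
        if alg not in KEY_BYTES_BY_ALGORITHM:
            problems.append("%s: unknown algorithm %r" % (where, alg))
            continue
        key_id = entry.get("id", "")
        if not _is_hex_of_length(key_id, ID_BYTES):
            problems.append("%s: id must be %d bytes as %d hex digits" % (where, ID_BYTES, 2 * ID_BYTES))
        elif key_id.lower() in seen_ids:
            # ids are transmitted in plaintext in the ticket and must be unique across the set
            problems.append("%s: duplicate id %s" % (where, key_id))
        seen_ids.add(key_id.lower())
        need = KEY_BYTES_BY_ALGORITHM[alg]
        if not _is_hex_of_length(entry.get("key", ""), need):
            problems.append("%s: key must be %d bytes as %d hex digits for %s" % (where, need, 2 * need, alg))
        start, end = entry.get("validity_start"), entry.get("validity_end")
        if not (isinstance(start, int) and isinstance(end, int)):
            problems.append("%s: validity_start and validity_end must be integer seconds since the epoch" % where)
        elif start >= end:
            problems.append("%s: validity_start must be earlier than validity_end" % where)
    return problems


def key_for_new_tickets(keys, now):
    """Pick the key that would encrypt a new ticket at time 'now' (validity_start <= now <= validity_end).
    Preferring the latest validity_start among overlapping windows is an assumption, not page behaviour."""
    candidates = [k for k in keys if k["validity_start"] <= now <= k["validity_end"]]
    if not candidates:
        return None
    return max(candidates, key=lambda k: k["validity_start"])


def rotation_schedule(first_start, lifetime_seconds, overlap_seconds, count):
    """Generate 'count' keys whose validity windows overlap by overlap_seconds, so the
    set never has a gap during which no key may encrypt new tickets."""
    keys = []
    start = first_start
    for _ in range(count):
        keys.append(generate_ticket_key(start, lifetime_seconds))
        start += lifetime_seconds - overlap_seconds
    return keys


if __name__ == "__main__":
    # Constructed sample: three one-day keys overlapping by one hour, starting at a fixed epoch time.
    schedule = rotation_schedule(1_700_000_000, 86400, 3600, 3)
    print("problems:", validate_ticket_keys(schedule))
    for k in schedule:
        print(k["id"], k["validity_start"], k["validity_end"])
```

Each dictionary the script produces maps one-to-one onto the fields of this reference, so it can be serialised and submitted through the ssl/ticket_keys REST API endpoints the page mentions; validate_ticket_keys is the pre-submission check a deployment pipeline would run so that a short key, a malformed id, or a duplicate id is caught before it reaches the traffic manager.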