diff --git a/docs/manual/mod/mod_ssl.html.en b/docs/manual/mod/mod_ssl.html.en

index ca178ab..4580f1c 100644

--- a/docs/manual/mod/mod_ssl.html.en

+++ b/docs/manual/mod/mod_ssl.html.en

@@ -57,6 +57,7 @@ to provide the cryptography engine.

 
 SSLCertificateKeyFile

 
 SSLCipherSuite

 
 SSLCompression

+
 SSLSessionTickets

 
 SSLCryptoDevice

 
 SSLEngine

 
 SSLFIPS

@@ -797,6 +798,26 @@ CRIME attack).

+

+

+
SSLSessionTickets Directive

+

+Description:Enable or disable use of TLS session tickets

+Syntax:SSLSessionTickets on|off

+Default:SSLCompression on

+Context:server config, virtual host

+Status:Extension

+Module:mod_ssl

+Compatibility:Available.

+

+
This directive allows to enable or disable the use of TLS session tickets(RFC 5077).

+

+
TLS session tickets are enabled by default. Using them without restarting

+the web server with an appropriate frequency (e.g. daily) compromises perfect

+forward secrecy.

+

+

+

 
SSLCryptoDevice Directive

diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c

index bbe1d20..4a8b661 100644

--- a/modules/ssl/mod_ssl.c

+++ b/modules/ssl/mod_ssl.c

@@ -141,6 +141,9 @@ static const command_rec ssl_config_cmds[] = {

     SSL_CMD_SRV(Compression, FLAG,

                 "Enable SSL level compression"

                 "(`on', `off')")

+    SSL_CMD_SRV(SessionTickets, FLAG,

+                "Enable or disable TLS session tickets"

+                "(`on', `off')")

     SSL_CMD_SRV(InsecureRenegotiation, FLAG,

                 "Enable support for insecure renegotiation")

     SSL_CMD_ALL(UserName, TAKE1,

diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c

index 9530fcc..86a7f0f 100644

--- a/modules/ssl/ssl_engine_config.c

+++ b/modules/ssl/ssl_engine_config.c

@@ -216,6 +216,7 @@ static SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p)

 #ifndef OPENSSL_NO_COMP

     sc->compression            = UNSET;

 #endif

+    sc->session_tickets        = UNSET;

     modssl_ctx_init_proxy(sc, p);

@@ -346,6 +347,7 @@ void *ssl_config_server_merge(apr_pool_t *p, void *basev, void *addv)

 #ifndef OPENSSL_NO_COMP

     cfgMergeBool(compression);

 #endif

+    cfgMergeBool(session_tickets);

     modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);

@@ -720,6 +722,17 @@ const char *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag)

 #endif

 }

+const char *ssl_cmd_SSLSessionTickets(cmd_parms *cmd, void *dcfg, int flag)

+{

+    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);

+#ifndef SSL_OP_NO_TICKET

+    return "This version of OpenSSL does not support using "

+           "SSLSessionTickets.";

+#endif

+    sc->session_tickets = flag ? TRUE : FALSE;

+    return NULL;

+}

+

 const char *ssl_cmd_SSLInsecureRenegotiation(cmd_parms *cmd, void *dcfg, int flag)

 {

 #ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c

index 568627f..672760c 100644

--- a/modules/ssl/ssl_engine_init.c

+++ b/modules/ssl/ssl_engine_init.c

@@ -566,6 +566,16 @@ static void ssl_init_ctx_protocol(server_rec *s,

     }

 #endif

+#ifdef SSL_OP_NO_TICKET

+    /*

+     * Configure using RFC 5077 TLS session tickets

+     * for session resumption.

+     */

+    if (sc->session_tickets == FALSE) {

+        SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET);

+    }

+#endif

+

 #ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION

     if (sc->insecure_reneg == TRUE) {

         SSL_CTX_set_options(ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);

diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h

index 0cc6d3f..b601316 100644

--- a/modules/ssl/ssl_private.h

+++ b/modules/ssl/ssl_private.h

@@ -701,6 +701,7 @@ struct SSLSrvConfigRec {

 #ifndef OPENSSL_NO_COMP

     BOOL             compression;

 #endif

+    BOOL             session_tickets;

 };

 /**

@@ -756,6 +757,7 @@ const char  *ssl_cmd_SSLCARevocationFile(cmd_parms *, void *, const char *);

 const char  *ssl_cmd_SSLCARevocationCheck(cmd_parms *, void *, const char *);

 const char  *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag);

 const char  *ssl_cmd_SSLCompression(cmd_parms *, void *, int flag);

+const char  *ssl_cmd_SSLSessionTickets(cmd_parms *, void *, int flag);

 const char  *ssl_cmd_SSLVerifyClient(cmd_parms *, void *, const char *);

 const char  *ssl_cmd_SSLVerifyDepth(cmd_parms *, void *, const char *);

 const char  *ssl_cmd_SSLSessionCache(cmd_parms *, void *, const char *);