Expose `bypass_pem_cache` through rabbitmq.confbypass-pem-cache

Bypassing PEM cache may speed up TLS handshakes in some cases as described
here:
https://blog.heroku.com/how-we-sped-up-sni-tls-handshakes-by-5x

3 files changed, 13 insertions, 0 deletions

diff --git a/deps/rabbit/docs/rabbitmq.conf.example b/deps/rabbit/docs/rabbitmq.conf.example
index 17e023e62c..675d841cc6 100644
--- a/deps/rabbit/docs/rabbitmq.conf.example
+++ b/deps/rabbit/docs/rabbitmq.conf.example
@@ -131,6 +131,8 @@
 # ssl_options.ciphers.35 = ECDH-ECDSA-AES128-SHA
 # ssl_options.ciphers.36 = ECDH-RSA-AES128-SHA
 
+# ssl_options.bypass_pem_cache = true
+
 ## Select an authentication/authorisation backend to use.
 ##
 ## Alternative backends are provided by plugins, such as rabbitmq-auth-backend-ldap.
diff --git a/deps/rabbit/priv/schema/rabbit.schema b/deps/rabbit/priv/schema/rabbit.schema
index 518403c20d..26a61267eb 100644
--- a/deps/rabbit/priv/schema/rabbit.schema
+++ b/deps/rabbit/priv/schema/rabbit.schema
@@ -294,6 +294,9 @@ fun(Conf) ->
     lists:reverse([V || {_, V} <- Settings])
 end}.
 
+{mapping, "ssl_options.bypass_pem_cache", "ssl.bypass_pem_cache",
+    [{datatype, {enum, [true, false]}}]}.
+
 %% ===========================================================================
 
 %% Choose the available SASL mechanism(s) to expose.
diff --git a/deps/rabbit/test/config_schema_SUITE_data/rabbit.snippets b/deps/rabbit/test/config_schema_SUITE_data/rabbit.snippets
index c6ac600dcc..727b9f9759 100644
--- a/deps/rabbit/test/config_schema_SUITE_data/rabbit.snippets
+++ b/deps/rabbit/test/config_schema_SUITE_data/rabbit.snippets
@@ -510,6 +510,14 @@ tcp_listen_options.exit_on_close = false",
   ]}],
   []},
   
+
+  {ssl_options_bypass_pem_cache,
+   "ssl_options.bypass_pem_cache = true",
+   [{ssl, [
+      {bypass_pem_cache, true}
+     ]}],
+   []},
+
  {tcp_listen_options_linger_on,
   "tcp_listen_options.linger.on = true
    tcp_listen_options.linger.timeout = 100",