You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by "Alexey Ivanov (JIRA)" <ji...@apache.org> on 2014/08/13 11:26:13 UTC

[jira] [Updated] (TS-3007) Stats for all TLS alerts defined in RFC 5246

     [ https://issues.apache.org/jira/browse/TS-3007?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alexey Ivanov updated TS-3007:
------------------------------

    Summary: Stats for all TLS alerts defined in RFC 5246    (was: Stats for all TLS allerts defined in RFC 5246  )

> Stats for all TLS alerts defined in RFC 5246  
> ----------------------------------------------
>
>                 Key: TS-3007
>                 URL: https://issues.apache.org/jira/browse/TS-3007
>             Project: Traffic Server
>          Issue Type: Improvement
>            Reporter: Alexey Ivanov
>
> Currently we collect following TLS alerts stats:
> {code}
> proxy.process.ssl.user_agent_other_errors=0
> proxy.process.ssl.user_agent_expired_cert=0
> proxy.process.ssl.user_agent_revoked_cert=0
> proxy.process.ssl.user_agent_unknown_cert=0
> proxy.process.ssl.user_agent_cert_verify_failed=0
> proxy.process.ssl.user_agent_bad_cert=0
> proxy.process.ssl.user_agent_decryption_failed=0
> proxy.process.ssl.user_agent_wrong_version=0
> proxy.process.ssl.user_agent_unknown_ca=0
> /* + same set for origin_server */
> {code}
> Though [RFC 5246] defines following set:
> {code}
>       enum {
>           close_notify(0),
>           unexpected_message(10),
>           bad_record_mac(20),
>           decryption_failed_RESERVED(21),
>           record_overflow(22),
>           decompression_failure(30),
>           handshake_failure(40),
>           no_certificate_RESERVED(41),
>           bad_certificate(42),
>           unsupported_certificate(43),
>           certificate_revoked(44),
>           certificate_expired(45),
>           certificate_unknown(46),
>           illegal_parameter(47),
>           unknown_ca(48),
>           access_denied(49),
>           decode_error(50),
>           decrypt_error(51),
>           export_restriction_RESERVED(60),
>           protocol_version(70),
>           insufficient_security(71),
>           internal_error(80),
>           user_canceled(90),
>           no_renegotiation(100),
>           unsupported_extension(110),
>           (255)
>       } AlertDescription;
> {code}
> Probably we want to adjust ATS naming and number of collected stats to match RFC.
> Also maybe it's good idea to put them under {{proxy.process.ssl.alerts}}
> [RFC 5246] http://tools.ietf.org/html/rfc5246#section-7.2



--
This message was sent by Atlassian JIRA
(v6.2#6252)