You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Susan Hinrichs (JIRA)" <ji...@apache.org> on 2014/11/20 20:16:34 UTC
[jira] [Updated] (TS-3007) Stats for all TLS alerts defined in RFC
5246
[ https://issues.apache.org/jira/browse/TS-3007?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Susan Hinrichs updated TS-3007:
-------------------------------
Fix Version/s: (was: 5.2.0)
5.3.0
> Stats for all TLS alerts defined in RFC 5246
> ----------------------------------------------
>
> Key: TS-3007
> URL: https://issues.apache.org/jira/browse/TS-3007
> Project: Traffic Server
> Issue Type: Improvement
> Reporter: Alexey Ivanov
> Fix For: 5.3.0
>
>
> Currently we collect following TLS alerts stats:
> {code}
> proxy.process.ssl.user_agent_other_errors=0
> proxy.process.ssl.user_agent_expired_cert=0
> proxy.process.ssl.user_agent_revoked_cert=0
> proxy.process.ssl.user_agent_unknown_cert=0
> proxy.process.ssl.user_agent_cert_verify_failed=0
> proxy.process.ssl.user_agent_bad_cert=0
> proxy.process.ssl.user_agent_decryption_failed=0
> proxy.process.ssl.user_agent_wrong_version=0
> proxy.process.ssl.user_agent_unknown_ca=0
> /* + same set for origin_server */
> {code}
> Though [RFC 5246] defines following set:
> {code}
> enum {
> close_notify(0),
> unexpected_message(10),
> bad_record_mac(20),
> decryption_failed_RESERVED(21),
> record_overflow(22),
> decompression_failure(30),
> handshake_failure(40),
> no_certificate_RESERVED(41),
> bad_certificate(42),
> unsupported_certificate(43),
> certificate_revoked(44),
> certificate_expired(45),
> certificate_unknown(46),
> illegal_parameter(47),
> unknown_ca(48),
> access_denied(49),
> decode_error(50),
> decrypt_error(51),
> export_restriction_RESERVED(60),
> protocol_version(70),
> insufficient_security(71),
> internal_error(80),
> user_canceled(90),
> no_renegotiation(100),
> unsupported_extension(110),
> (255)
> } AlertDescription;
> {code}
> Probably we want to adjust ATS naming and number of collected stats to match RFC.
> Also maybe it's good idea to put them under {{proxy.process.ssl.alerts}}
> [RFC 5246] http://tools.ietf.org/html/rfc5246#section-7.2
> [~briang] Can you take a look into it?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)