Alexey Ivanov created TS-3007:
---------------------------------
Summary: Stats for all TLS allerts defined in RFC 5246
Key: TS-3007
URL: https://issues.apache.org/jira/browse/TS-3007
Project: Traffic Server
Issue Type: Improvement
Reporter: Alexey Ivanov
Currently we collect following TLS alerts stats:
{code}
proxy.process.ssl.user_agent_other_errors=0
proxy.process.ssl.user_agent_expired_cert=0
proxy.process.ssl.user_agent_revoked_cert=0
proxy.process.ssl.user_agent_unknown_cert=0
proxy.process.ssl.user_agent_cert_verify_failed=0
proxy.process.ssl.user_agent_bad_cert=0
proxy.process.ssl.user_agent_decryption_failed=0
proxy.process.ssl.user_agent_wrong_version=0
proxy.process.ssl.user_agent_unknown_ca=0
/* + same set for origin_server */
{code}
Though [RFC 5246] defines following set:
{code}
enum {
close_notify(0),
unexpected_message(10),
bad_record_mac(20),
decryption_failed_RESERVED(21),
record_overflow(22),
decompression_failure(30),
handshake_failure(40),
no_certificate_RESERVED(41),
bad_certificate(42),
unsupported_certificate(43),
certificate_revoked(44),
certificate_expired(45),
certificate_unknown(46),
illegal_parameter(47),
unknown_ca(48),
access_denied(49),
decode_error(50),
decrypt_error(51),
export_restriction_RESERVED(60),
protocol_version(70),
insufficient_security(71),
internal_error(80),
user_canceled(90),
no_renegotiation(100),
unsupported_extension(110),
(255)
} AlertDescription;
{code}
Probably we want to adjust ATS naming and number of collected stats to match
RFC.
Also maybe it's good idea to put them under {{proxy.process.ssl.alerts}}
[RFC 5246] http://tools.ietf.org/html/rfc5246#section-7.2
--
This message was sent by Atlassian JIRA
(v6.2#6252)
