Index: net/http/http_network_transaction.cc |
diff --git a/net/http/http_network_transaction.cc b/net/http/http_network_transaction.cc |
index 9bf323d99c9a1599c3c20b28d5cf48e545af29bc..9d779a88d9d349808a5063d283e51a3bfc2c68e7 100644 |
--- a/net/http/http_network_transaction.cc |
+++ b/net/http/http_network_transaction.cc |
@@ -786,6 +786,8 @@ int HttpNetworkTransaction::DoCreateStreamComplete(int result) { |
CopyConnectionAttemptsFromStreamRequest(); |
if (result == OK) { |
+ if (request_->url.SchemeIsCryptographic()) |
+ RecordSSLFallbackMetrics(); |
next_state_ = STATE_INIT_STREAM; |
DCHECK(stream_.get()); |
} else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) { |
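Review bot: The call added under `result == OK` carries no comment saying what one histogram sample represents. As placed, it fires once per successful stream creation for a cryptographic-scheme URL. If stream creation can hand back a stream on an already-established connection (not visible in this hunk), the histograms count transactions rather than TLS handshakes, which changes how the fallback rate should be read when sizing downgrade exposure. After confirming the intended unit, I would add above the `if` something like `// Sampled once per transaction, not per handshake; streams on reused connections are counted again.` DoCreateStreamComplete starts before and continues after this hunk.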
@@ -1530,6 +1532,50 @@ void HttpNetworkTransaction::ResetStateForAuthRestart() { |
establishing_tunnel_ = false; |
} |
+void HttpNetworkTransaction::RecordSSLFallbackMetrics() { |
+ // Note: these values are used in histograms, so new values must be appended. |
+ enum FallbackVersion { |
+ FALLBACK_NONE = 0, // SSL version fallback did not occur. |
+ FALLBACK_SSL3 = 1, // Fell back to SSL 3.0. |
+ FALLBACK_TLS1 = 2, // Fell back to TLS 1.0. |
+ FALLBACK_TLS1_1 = 3, // Fell back to TLS 1.1. |
+ FALLBACK_MAX, |
+ }; |
+ |
+ FallbackVersion fallback = FALLBACK_NONE; |
+ if (server_ssl_config_.version_fallback) { |
+ switch (server_ssl_config_.version_max) { |
+ case SSL_PROTOCOL_VERSION_SSL3: |
+ fallback = FALLBACK_SSL3; |
+ break; |
+ case SSL_PROTOCOL_VERSION_TLS1: |
+ fallback = FALLBACK_TLS1; |
+ break; |
+ case SSL_PROTOCOL_VERSION_TLS1_1: |
+ fallback = FALLBACK_TLS1_1; |
+ break; |
+ default: |
+ NOTREACHED(); |
+ } |
+ } |
+ UMA_HISTOGRAM_ENUMERATION("Net.ConnectionUsedSSLVersionFallback2", fallback, |
+ FALLBACK_MAX); |
+ |
+ // We also wish to measure the amount of fallback connections for a host that |
+ // we know implements TLS up to 1.2. Ideally there would be no fallback here |
+ // but high numbers of SSLv3 would suggest that SSLv3 fallback is being |
+ // caused by network middleware rather than buggy HTTPS servers. |
Ryan Sleevi
2015/05/02 00:37:34
Update this comment to reflect your explanation th
davidben
2015/05/04 17:51:17
Done.
|
+ const std::string& host = request_->url.host(); |
+ if (EndsWith(host, "google.com", true) && |
+ (host.size() == 10 || host[host.size() - 11] == '.')) { |
+ UMA_HISTOGRAM_ENUMERATION("Net.GoogleConnectionUsedSSLVersionFallback2", |
+ fallback, FALLBACK_MAX); |
+ } |
+ |
+ UMA_HISTOGRAM_BOOLEAN("Net.ConnectionUsedSSLDeprecatedCipherFallback2", |
+ server_ssl_config_.enable_deprecated_cipher_suites); |
+} |
+ |
HttpResponseHeaders* HttpNetworkTransaction::GetResponseHeaders() const { |
return response_.headers.get(); |
} |
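Review bot: In RecordSSLFallbackMetrics the `default: NOTREACHED();` arm leaves `fallback` at `FALLBACK_NONE`. If NOTREACHED() compiles to nothing in release builds, as DCHECK-style macros usually do, a fallback to any `version_max` not listed in the switch is reported as "no fallback" in both version histograms. For a metric used to judge how much traffic still depends on protocol downgrade, undercounting is the unsafe failure direction. Either say so at the arm, e.g. `// Unexpected version_max: release builds record this as FALLBACK_NONE.`, or append a dedicated bucket just before `FALLBACK_MAX` so the case is visible in the data. Separately, the literals `10` and `11` in the google.com suffix check come from the length of the string literal and would be less fragile as a named constant next to it.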