Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(21)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 1127623005: Gather metrics classifying the cause of the TLS fallback. (Closed)

Created:
5 years, 7 months ago by davidben
Modified:
5 years, 7 months ago
CC:
chromium-reviews, cbentzel+watch_chromium.org, asvitkine+watch_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@fallback-required
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Gather metrics classifying the cause of the TLS fallback. This CL classifies the following fallback triggers in BoringSSL ports: - ClientHello intolerance. - Microsoft's buggy AES-GCM implementation. - CertificateVerify was rejected (some servers broke TLS 1.2 client auth). - Resuming a session at the wrong version. - F5's buggy NPN implementation. - Other. It also records how often each error code triggers the fallback. Initial numbers for the fixed metrics are actually rather encouraging, but put this in place for the same release if larger populations' numbers are worse and we'd need to carve out large swathes of intolerance with less problematic workarounds. BUG=459690 Committed: https://crrev.com/f2eaaf999fd18ea3724f57116783ff17410c19ce Cr-Commit-Position: refs/heads/master@{#330215}

Patch Set 1 #

Patch Set 2 : revise comments #

Patch Set 3 : mock #

Patch Set 4 : rebase #

Total comments: 8

Patch Set 5 : rsleevi comments #

Total comments: 7

Patch Set 6 : asvitkine comments #

Patch Set 7 : missing header #

Unified diffs Side-by-side diffs Delta from patch set Stats (+205 lines, -16 lines) Patch
M chrome/browser/extensions/api/socket/tls_socket_unittest.cc View 1 2 3 4 1 chunk +1 line, -0 lines 0 comments Download
M net/http/http_network_transaction.h View 3 chunks +8 lines, -1 line 0 comments Download
M net/http/http_network_transaction.cc View 1 2 3 4 5 6 6 chunks +20 lines, -3 lines 0 comments Download
M net/http/http_stream_factory.h View 2 chunks +5 lines, -2 lines 0 comments Download
M net/http/http_stream_factory_impl_job.cc View 1 2 3 4 5 2 chunks +8 lines, -3 lines 0 comments Download
M net/http/http_stream_factory_impl_request.h View 2 chunks +5 lines, -1 line 0 comments Download
M net/http/http_stream_factory_impl_request.cc View 2 chunks +3 lines, -2 lines 0 comments Download
M net/http/http_stream_factory_impl_request_unittest.cc View 1 2 3 4 5 3 chunks +5 lines, -2 lines 0 comments Download
M net/http/http_stream_factory_impl_unittest.cc View 1 chunk +3 lines, -1 line 0 comments Download
M net/net.gypi View 1 2 3 1 chunk +1 line, -0 lines 0 comments Download
M net/socket/client_socket_handle.h View 4 chunks +6 lines, -0 lines 0 comments Download
M net/socket/client_socket_handle.cc View 1 2 3 4 5 2 chunks +4 lines, -1 line 0 comments Download
M net/socket/socket_test_util.h View 1 chunk +1 line, -0 lines 0 comments Download
M net/socket/socket_test_util.cc View 1 2 3 4 5 2 chunks +5 lines, -0 lines 0 comments Download
M net/socket/ssl_client_socket.h View 1 2 3 4 5 2 chunks +6 lines, -0 lines 0 comments Download
M net/socket/ssl_client_socket_nss.h View 1 2 3 1 chunk +3 lines, -0 lines 0 comments Download
M net/socket/ssl_client_socket_nss.cc View 1 2 3 4 5 2 chunks +7 lines, -0 lines 0 comments Download
M net/socket/ssl_client_socket_openssl.h View 1 2 3 3 chunks +3 lines, -0 lines 0 comments Download
M net/socket/ssl_client_socket_openssl.cc View 1 2 3 4 5 5 chunks +34 lines, -0 lines 0 comments Download
M net/socket/ssl_client_socket_pool.cc View 1 chunk +2 lines, -0 lines 0 comments Download
A net/ssl/ssl_failure_state.h View 1 2 3 4 5 1 chunk +49 lines, -0 lines 0 comments Download
M tools/metrics/histograms/histograms.xml View 1 2 3 2 chunks +26 lines, -0 lines 0 comments Download

Messages

Total messages: 16 (4 generated)
davidben
This is slightly buggy without https://boringssl-review.googlesource.com/#/c/4733/, but sending it out for review now so that ...
5 years, 7 months ago (2015-05-13 19:23:00 UTC) #2
Ryan Sleevi
Overall this approach works for me. A few bugs though https://codereview.chromium.org/1127623005/diff/60001/net/socket/client_socket_handle.cc File net/socket/client_socket_handle.cc (right): https://codereview.chromium.org/1127623005/diff/60001/net/socket/client_socket_handle.cc#newcode77 ...
5 years, 7 months ago (2015-05-13 22:26:37 UTC) #3
davidben
+asargent for chrome/browser/extensions +asvitkine for histograms.xml https://codereview.chromium.org/1127623005/diff/60001/net/socket/client_socket_handle.cc File net/socket/client_socket_handle.cc (right): https://codereview.chromium.org/1127623005/diff/60001/net/socket/client_socket_handle.cc#newcode77 net/socket/client_socket_handle.cc:77: pending_http_proxy_connection_.reset(); On 2015/05/13 ...
5 years, 7 months ago (2015-05-14 23:24:34 UTC) #5
Ryan Sleevi
lgtm https://codereview.chromium.org/1127623005/diff/80001/chrome/browser/extensions/api/socket/tls_socket_unittest.cc File chrome/browser/extensions/api/socket/tls_socket_unittest.cc (right): https://codereview.chromium.org/1127623005/diff/80001/chrome/browser/extensions/api/socket/tls_socket_unittest.cc#newcode69 chrome/browser/extensions/api/socket/tls_socket_unittest.cc:69: MOCK_CONST_METHOD0(GetSSLFailureState, net::SSLFailureState()); Not your fault, but a lot ...
5 years, 7 months ago (2015-05-14 23:30:20 UTC) #6
davidben
(For completeness, when this CL lands, the prerequisite[*] BoringSSL roll will be in. https://codereview.chromium.org/1126233010/ ) ...
5 years, 7 months ago (2015-05-14 23:35:06 UTC) #7
Alexei Svitkine (slow)
https://codereview.chromium.org/1127623005/diff/80001/net/http/http_network_transaction.cc File net/http/http_network_transaction.cc (right): https://codereview.chromium.org/1127623005/diff/80001/net/http/http_network_transaction.cc#newcode1489 net/http/http_network_transaction.cc:1489: net::GetAllErrorCodesForUma()); It's more efficient to use UMA_HISTOGRAM_SPARSE_SLOWLY() in this ...
5 years, 7 months ago (2015-05-15 14:39:37 UTC) #8
asargent_no_longer_on_chrome
c/b/e lgtm
5 years, 7 months ago (2015-05-15 17:50:38 UTC) #9
davidben
https://codereview.chromium.org/1127623005/diff/80001/chrome/browser/extensions/api/socket/tls_socket_unittest.cc File chrome/browser/extensions/api/socket/tls_socket_unittest.cc (right): https://codereview.chromium.org/1127623005/diff/80001/chrome/browser/extensions/api/socket/tls_socket_unittest.cc#newcode69 chrome/browser/extensions/api/socket/tls_socket_unittest.cc:69: MOCK_CONST_METHOD0(GetSSLFailureState, net::SSLFailureState()); On 2015/05/14 23:30:20, Ryan Sleevi wrote: > ...
5 years, 7 months ago (2015-05-15 18:00:24 UTC) #10
Alexei Svitkine (slow)
lgtm https://codereview.chromium.org/1127623005/diff/80001/net/http/http_network_transaction.cc File net/http/http_network_transaction.cc (right): https://codereview.chromium.org/1127623005/diff/80001/net/http/http_network_transaction.cc#newcode1489 net/http/http_network_transaction.cc:1489: net::GetAllErrorCodesForUma()); On 2015/05/15 18:00:23, David Benjamin wrote: > ...
5 years, 7 months ago (2015-05-15 18:05:22 UTC) #11
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1127623005/120001
5 years, 7 months ago (2015-05-15 20:31:50 UTC) #14
commit-bot: I haz the power
Committed patchset #7 (id:120001)
5 years, 7 months ago (2015-05-15 22:18:50 UTC) #15
commit-bot: I haz the power
5 years, 7 months ago (2015-05-18 11:28:23 UTC) #16
Message was sent while issue was closed. 
Patchset 7 (id:??) landed as
https://crrev.com/f2eaaf999fd18ea3724f57116783ff17410c19ce
Cr-Commit-Position: refs/heads/master@{#330215}

Powered by Google App Engine
This is Rietveld 408576698