Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(119)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/ssl/ssl_failure_state.h

Issue 1127623005: Gather metrics classifying the cause of the TLS fallback. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@fallback-required
Patch Set: rebase Created 5 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/socket/ssl_client_socket_openssl.cc ('K') | « net/socket/ssl_client_socket_pool.cc ('k') | tools/metrics/histograms/histograms.xml » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/ssl/ssl_failure_state.h
diff --git a/net/ssl/ssl_failure_state.h b/net/ssl/ssl_failure_state.h
new file mode 100644
index 0000000000000000000000000000000000000000..eabe53c05bc6a0ae8ae8381e98ec13c23ffc2a69
--- /dev/null
+++ b/net/ssl/ssl_failure_state.h
@@ -0,0 +1,43 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_SSL_SSL_FAILURE_STATE_H_
+#define NET_SSL_SSL_FAILURE_STATE_H_
+
+namespace net {
+
+// Gives more information about the state of the handshake when it failed. This
Ryan Sleevi 2015/05/13 22:26:37 s/the handshake/TLS handshake/ s/when it failed/w
davidben 2015/05/14 23:24:34 Yeah, your's is much better. DOne.
+// is used to classify on causes of the TLS version fallback. These values are
+// used in histograms, so new values must be appended.
+enum SSLFailureState {
+ // The connection was successful.
+ kSSLFailureNone = 0,
+ // The connection failed for unknown reasons.
+ kSSLFailureUnknown = 1,
+ // The connection failed after sending ClientHello and before receiving
+ // ServerHello.
+ kSSLFailureClientHello = 2,
+ // The connection failed after negotiating TLS_RSA_WITH_AES_128_GCM_SHA256 or
+ // TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 and completing the client's second
+ // leg. Some Microsoft IIS servers fail at this point. See
+ // https://crbug.com/433406.
+ kSSLFailureBuggyGCM = 3,
+ // The connection failed after CertificateVerify was sent. Some servers are
+ // known to incorrectly implement TLS 1.2 client auth.
+ kSSLFailureClientAuth = 4,
+ // The connection failed because the server attempted to resume a session at
+ // the wrong version. Some versions of OpenSSL may do this in rare
+ // circumstances. See https://crbug.com/441456
+ kSSLFailureSessionMismatch = 5,
+ // The connection failed after sending the NextProto message. Some F5 servers
+ // fail to parse such messages in TLS 1.1 and TLS 1.2, but not 1.0. See
+ // https://crbug.com/466977.
+ kSSLFailureNextProto = 6,
Ryan Sleevi 2015/05/13 22:26:37 style: Newlines between each value would help (eg
davidben 2015/05/14 23:24:34 Done.
+
+ kSSLFailureMax,
+};
+
+} // namespace net
+
+#endif // NET_SSL_SSL_FAILURE_STATE_H_
« net/socket/ssl_client_socket_openssl.cc ('K') | « net/socket/ssl_client_socket_pool.cc ('k') | tools/metrics/histograms/histograms.xml » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698