OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket_pool.h" | 5 #include "net/socket/ssl_client_socket_pool.h" |
6 | 6 |
7 #include <utility> | 7 #include <utility> |
8 | 8 |
9 #include "base/bind.h" | 9 #include "base/bind.h" |
10 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
(...skipping 355 matching lines...)
366 UMA_HISTOGRAM_ENUMERATION("Net.SSLVersion", SSLConnectionStatusToVersion( | 366 UMA_HISTOGRAM_ENUMERATION("Net.SSLVersion", SSLConnectionStatusToVersion( |
367 ssl_info.connection_status), | 367 ssl_info.connection_status), |
368 SSL_CONNECTION_VERSION_MAX); | 368 SSL_CONNECTION_VERSION_MAX); |
369 | 369 |
370 uint16_t cipher_suite = | 370 uint16_t cipher_suite = |
371 SSLConnectionStatusToCipherSuite(ssl_info.connection_status); | 371 SSLConnectionStatusToCipherSuite(ssl_info.connection_status); |
372 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_CipherSuite", cipher_suite); | 372 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_CipherSuite", cipher_suite); |
373 | 373 |
374 const char *str, *cipher_str, *mac_str; | 374 const char *str, *cipher_str, *mac_str; |
375 bool is_aead; | 375 bool is_aead; |
| 376 bool is_cecpq1 = false; |
376 SSLCipherSuiteToStrings(&str, &cipher_str, &mac_str, &is_aead, | 377 SSLCipherSuiteToStrings(&str, &cipher_str, &mac_str, &is_aead, |
377 cipher_suite); | 378 cipher_suite); |
378 // UMA_HISTOGRAM_... macros cache the Histogram instance and thus only work | 379 // UMA_HISTOGRAM_... macros cache the Histogram instance and thus only work |
379 // if the histogram name is constant, so don't generate it dynamically. | 380 // if the histogram name is constant, so don't generate it dynamically. |
380 if (strncmp(str, "DHE_", 4) == 0) { | 381 if (strncmp(str, "DHE_", 4) == 0) { |
381 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_KeyExchange.DHE", | 382 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_KeyExchange.DHE", |
382 ssl_info.key_exchange_info); | 383 ssl_info.key_exchange_info); |
383 } else if (strncmp(str, "ECDHE_", 6) == 0) { | 384 } else if (strncmp(str, "ECDHE_", 6) == 0) { |
384 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_KeyExchange.ECDHE", | 385 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_KeyExchange.ECDHE", |
385 ssl_info.key_exchange_info); | 386 ssl_info.key_exchange_info); |
386 } else if (strncmp(str, "CECPQ1_", 7) == 0) { | 387 } else if (strncmp(str, "CECPQ1_", 7) == 0) { |
387 // Nothing. | 388 is_cecpq1 = true; |
388 } else { | 389 } else { |
389 DCHECK_EQ(0, strcmp(str, "RSA")); | 390 DCHECK_EQ(0, strcmp(str, "RSA")); |
390 } | 391 } |
391 | 392 |
392 if (ssl_info.handshake_type == SSLInfo::HANDSHAKE_RESUME) { | 393 if (ssl_info.handshake_type == SSLInfo::HANDSHAKE_RESUME) { |
393 UMA_HISTOGRAM_CUSTOM_TIMES("Net.SSL_Connection_Latency_Resume_Handshake", | 394 UMA_HISTOGRAM_CUSTOM_TIMES("Net.SSL_Connection_Latency_Resume_Handshake", |
394 connect_duration, | 395 connect_duration, |
395 base::TimeDelta::FromMilliseconds(1), | 396 base::TimeDelta::FromMilliseconds(1), |
396 base::TimeDelta::FromMinutes(1), | 397 base::TimeDelta::FromMinutes(1), |
397 100); | 398 100); |
(...skipping 22 matching lines...)
420 base::TimeDelta::FromMilliseconds(1), | 421 base::TimeDelta::FromMilliseconds(1), |
421 base::TimeDelta::FromMinutes(1), | 422 base::TimeDelta::FromMinutes(1), |
422 100); | 423 100); |
423 } else if (ssl_info.handshake_type == SSLInfo::HANDSHAKE_FULL) { | 424 } else if (ssl_info.handshake_type == SSLInfo::HANDSHAKE_FULL) { |
424 UMA_HISTOGRAM_CUSTOM_TIMES("Net.SSL_Connection_Latency_Google_" | 425 UMA_HISTOGRAM_CUSTOM_TIMES("Net.SSL_Connection_Latency_Google_" |
425 "Full_Handshake", | 426 "Full_Handshake", |
426 connect_duration, | 427 connect_duration, |
427 base::TimeDelta::FromMilliseconds(1), | 428 base::TimeDelta::FromMilliseconds(1), |
428 base::TimeDelta::FromMinutes(1), | 429 base::TimeDelta::FromMinutes(1), |
429 100); | 430 100); |
| 431 |
| 432 // These are hosts that we expect to always offer CECPQ1. Connections |
| 433 // to them, whether or not this browser is in the experiment group, form |
| 434 // the basis of our comparisons. |
| 435 bool cecpq1_supported = |
| 436 (host == "play.google.com" || host == "checkout.google.com" || |
| 437 host == "wallet.google.com"); |
| 438 if (cecpq1_supported) { |
| 439 UMA_HISTOGRAM_CUSTOM_TIMES( |
| 440 "Net.SSL_Connection_Latency_PostQuantumSupported_Full_Handshake", |
| 441 connect_duration, base::TimeDelta::FromMilliseconds(1), |
| 442 base::TimeDelta::FromMinutes(1), 100); |
| 443 if (SSLClientSocket::IsPostQuantumExperimentEnabled()) { |
| 444 // But don't trust that these hosts offer CECPQ1: make sure. If |
| 445 // we're doing everything right on the server side, |is_cecpq1| |
| 446 // should always be true if we get here, modulo MITM. |
| 447 UMA_HISTOGRAM_BOOLEAN("Net.SSL_Connection_PostQuantum_Negotiated", |
| 448 is_cecpq1); |
| 449 } |
| 450 } |
430 } | 451 } |
431 } | 452 } |
432 } | 453 } |
433 | 454 |
434 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_Connection_Error", std::abs(result)); | 455 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_Connection_Error", std::abs(result)); |
435 | 456 |
436 if (result == OK || IsCertificateError(result)) { | 457 if (result == OK || IsCertificateError(result)) { |
437 SetSocket(std::move(ssl_socket_)); | 458 SetSocket(std::move(ssl_socket_)); |
438 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) { | 459 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) { |
439 error_response_info_.cert_request_info = new SSLCertRequestInfo; | 460 error_response_info_.cert_request_info = new SSLCertRequestInfo; |
(...skipping 230 matching lines...)
670 if (base_.CloseOneIdleSocket()) | 691 if (base_.CloseOneIdleSocket()) |
671 return true; | 692 return true; |
672 return base_.CloseOneIdleConnectionInHigherLayeredPool(); | 693 return base_.CloseOneIdleConnectionInHigherLayeredPool(); |
673 } | 694 } |
674 | 695 |
675 void SSLClientSocketPool::OnSSLConfigChanged() { | 696 void SSLClientSocketPool::OnSSLConfigChanged() { |
676 FlushWithError(ERR_NETWORK_CHANGED); | 697 FlushWithError(ERR_NETWORK_CHANGED); |
677 } | 698 } |
678 | 699 |
679 } // namespace net | 700 } // namespace net |
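Review bot: In the new `HANDSHAKE_FULL` block (new lines 431-450), the `false` bucket of `Net.SSL_Connection_PostQuantum_Negotiated` cannot tell a server-side regression from a connection terminated by an intercepting proxy, which the comment itself concedes with "modulo MITM". If the histogram is meant to monitor the server rollout, consider also gating it on the chain ending in a publicly known root, e.g. `if (SSLClientSocket::IsPostQuantumExperimentEnabled() && ssl_info.is_issued_by_known_root) {`, or recording the two cases in separate histograms so a rise in non-negotiated handshakes can be triaged. The three host literals are compared with exact `==`, and `host` is defined outside the visible lines, so confirm it is already lower-cased and has no trailing dot; hoisting the list into a named helper would also keep it in one place. The enclosing function starts above the visible region, so whether this path is reached only on `result == OK` cannot be checked from here.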