SSLClientSessionCache: Log number of times Lookup is called per Session.

net/socket/ssl_client_socket_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket_impl.h"
 
 #include <errno.h>
 #include <string.h>
 
 #include <algorithm>
@@ skipping 927 matching lines @@
   // 6066, Section 3).
   //
   // TODO(rsleevi): Should this code allow hostnames that violate the LDH rule?
   // See https://crbug.com/496472 and https://crbug.com/496468 for discussion.
   IPAddress unused;
   if (!unused.AssignFromIPLiteral(host_and_port_.host()) &&
       !SSL_set_tlsext_host_name(ssl_.get(), host_and_port_.host().c_str())) {
     return ERR_UNEXPECTED;
   }
 
-  bssl::UniquePtr<SSL_SESSION> session =
-      context->session_cache()->Lookup(GetSessionCacheKey());
+  bssl::UniquePtr<SSL_SESSION> session = context->session_cache()->Lookup(
+      GetSessionCacheKey(), &ssl_session_cache_lookup_count_);
   if (session)
     SSL_set_session(ssl_.get(), session.get());
 
   transport_adapter_.reset(new SocketBIOAdapter(
       transport_->socket(), GetBufferSize("SSLBufferSizeRecv"),
       GetBufferSize("SSLBufferSizeSend"), this));
   BIO* transport_bio = transport_adapter_->bio();
 
   BIO_up_ref(transport_bio);  // SSL_set0_rbio takes ownership.
   SSL_set0_rbio(ssl_.get(), transport_bio);
@@ skipping 180 matching lines @@
   }
 
   next_handshake_state_ = STATE_HANDSHAKE_COMPLETE;
   return net_error;
 }
 
 int SSLClientSocketImpl::DoHandshakeComplete(int result) {
   if (result < 0)
     return result;
 
+  SSLContext::GetInstance()->session_cache()->ResetLookupCount(
+      GetSessionCacheKey());
+  // If we got a session from the session cache, log how many concurrent
+  // handshakes that session was used in before we finished our handshake. This
+  // is only recorded if the session from the cache was actually used, and only
+  // if the ALPN protocol is h2 (under the assumption that TLS 1.3 servers will
+  // be speaking h2).

[davidben, 2017/01/19 21:56:12]

Nit: Probably link to the bug here too, so it's clear this is about tuning
numbers for single-use tickets.

[nharper, 2017/01/19 22:09:07]

Done.

+  if (ssl_session_cache_lookup_count_ && negotiated_protocol_ == kProtoHTTP2 &&
+      SSL_session_reused(ssl_.get())) {
+    UMA_HISTOGRAM_EXACT_LINEAR("Net.SSLSessionConcurrentLookupCount",
+                               ssl_session_cache_lookup_count_, 20);
+  }
+
   // DHE is offered on the deprecated cipher fallback and then rejected
   // afterwards. This is to aid in diagnosing connection failures because a
   // server requires DHE ciphers.
   //
   // TODO(davidben): A few releases after DHE's removal, remove this logic.
   if (!ssl_config_.dhe_enabled &&
       SSL_CIPHER_is_DHE(SSL_get_current_cipher(ssl_.get()))) {
     return ERR_SSL_OBSOLETE_CIPHER;
   }
 
@@ skipping 888 matching lines @@
     if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED &&
         !certificate_requested_) {
       net_error = ERR_SSL_PROTOCOL_ERROR;
     }
   }
 
   return net_error;
 }
 
 }  // namespace net