Changes

Security/Features/TLS Telemetry

1,714 bytes added, 22:49, 2 December 2011
no edit summary
|Feature additional members=Brandon Sterne
}}
{{FeaturePageBody|Feature implementation notes=== Measurement to Collect ==We will collect five histograms of data.* SSL/TLS Version 0 - Unknown SSL/TLS Version 1 - Not Used 2 - SSLv2 3 - SSLv3 4 - SSLv3.1 / TLS 1.0* Negotiated Ciphersuite** The values are an index mapping to the array SSL_ImplementedCiphers in [http://mxr.mozilla.org/mozilla-central/source/security/nss/lib/ssl/sslenum.c sslenum.c]** If elliptic curve cryptography (ECC) is not enabled at compile time, then the values are stored as index + 256. This leaks some information about a user's build.** Retrieving the ciphersuite from the data involves performing a lookup in the table, adjusting for ECC if needed.* Generic SSL/TLS Certificate Error** Below values are defined in [http://mxr.mozilla.org/mozilla-central/source/security/manager/ssl/public/nsIX509Cert.idl nsIX509Cert.idl]** Mapping of below errors to NSS SEC_* errors can be found in [http://mxr.mozilla.org/mozilla-central/source/security/manager/ssl/src/nsNSSCertificate.cpp nsNSSCertificate.cpp] 0 - NOT_VERIFIED_UNKNOWN 1 - CERT_REVOKED 2 - CERT_EXPIRED 3 - CERT_NOT_TRUSTED 4 - ISSUER_NOT_TRUSTED 5 - ISSUER_UNKNOWN 6 - INVALID_CA 7 - USAGE_NOT_ALLOWED* Detailed SSL/TLS Certificate Error** The above generic errors may map to more specific errors** More than one of the below errors can occur. The resulting value will be the bitwise-or of the applicable flags*** Self-signed and untrusted can not occur at the same time 1 - Self-signed Certificate 2 - Untrusted Issuer 4 - Domain Mismatch 8 - Invalid Time (expired / not valid yet)* Server RSA Public Key Modulus 0 - Server doesn't use RSA n - # of bits in server modulus }}
{{FeatureInfo
|Feature priority=Unprioritized
|Feature engineering team=Security
}}
{{FeatureTeamStatus
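Review bot: In the Negotiated Ciphersuite bullets, the stored value is a raw index into the SSL_ImplementedCiphers array in sslenum.c, with 256 added on builds without ECC. The meaning of a bucket will therefore shift silently if entries in that array are inserted or reordered, and, as the text itself notes, the offset "leaks some information about a user's build". Consider recording the ciphersuite's own protocol identifier instead of the array index, or stating which revision of sslenum.c the indices refer to, and dropping the build-dependent offset so every client reports the same value for the same suite. Two smaller gaps in the same addition: the Detailed SSL/TLS Certificate Error list does not say what a value of 0 means, and the SSL/TLS Version list stops at 4 (SSLv3.1 / TLS 1.0), so it should state whether newer protocol versions fall under 0 - Unknown.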