Changes

|Feature stage=DraftDevelopment

|Feature health=OKAt risk|Feature status note=Waiting for feature review

|Feature overview=The goal of this telemetry study is to collect SSL/TLS related data that our users encounter in their daily browsing. This data can be used to decide whether Firefox should support legacy / less secure protocols such as weak keys or SSLv2 .

Explanation of values * Data collected* SSL/TLS Version 0 - Unknown SSL/TLS Version 1 - Not Used 2 - SSLv2 3 - SSLv3 4 - SSLv3.1 / TLS 1.0* Negotiated Ciphersuite** The values are an index mapping to is noted on the array SSL_ImplementedCiphers in privacy [http://mxr.mozilla.org/mozilla-central/source/security/nss/lib/ssl/sslenum.c sslenum.c]** If elliptic curve cryptography (ECC) is not enabled at compile time, then the values are stored as index + 256. This leaks some information about a user's build.** Retrieving the ciphersuite from the data involves performing a lookup in the table, adjusting for ECC if needed.* Generic SSL/TLS Certificate Error** Below values are defined in [http://mxr.mozilla.orgPrivacy/mozilla-centralReviews/sourceTelemetry/security/manager/ssl/public/nsIX509Cert.idl nsIX509Cert.idlSSL_Certificates_And_Errors|review page]** Mapping of below errors to NSS SEC_* errors can be found in [http://mxr.mozilla.org/mozilla-central/source/security/manager/ssl/src/nsNSSCertificate.cpp nsNSSCertificate.cpp] 0 - NOT_VERIFIED_UNKNOWN 1 - CERT_REVOKED 2 - CERT_EXPIRED 3 - CERT_NOT_TRUSTED 4 - ISSUER_NOT_TRUSTED 5 - ISSUER_UNKNOWN 6 - INVALID_CA 7 - USAGE_NOT_ALLOWED* Detailed SSL/TLS Certificate Error** The above generic errors may map to more specific errors** More than one of the below errors can occur. The resulting value will be the bitwise-or of the applicable flags*** Self-signed and untrusted can not occur at the same time 1 - Self-signed Certificate 2 - Untrusted Issuer 4 - Domain Mismatch 8 - Invalid Time (expired / not valid yet)* Server RSA Public Key Modulus 0 - Server doesn't use RSA n - # of bits in server modulus