Confirm
110
edits
Changes
no edit summary
'''Use Cases'''
* Collect ratio of SSL/TLS OK vs FAIL connections
** This should be represented in the number of errors + version datapoints collected below
** This is a sanity check to make sure we aren't missing some workflow
* Collect cipher suites exchanged during handshake and negotiated cipher
** Ciphersuites in PSM are ordered in decreasing preference. The SSL/TLS specification says that the client should send their supported ciphersuites in this order. The server then choose the most preferred ciphersuite that it also supports.
** It would be desirable to disable weak certificates. {{bug|360126}}
* Collect SSL/TLS certificate related errors
** We ignore NSS protocol errors
** We will collect the exact error that NSS returns to PSM if it is a certificate error.
** For some of these errors, we will collect additional information.
** This will allow us to determine what type of error our users are encountering most frequently in the wild.
** Some errors such as self-signed CA may be more worrisome than others such as invalid certificate time.
* Collect count of TLS intolerant websites
** Some websites do not implement the SSL protocol correctly and there is special handling for those cases.
