Security/Features/TLS Telemetry: Difference between revisions

Security/Features/TLS Telemetry (view source)

619 bytes added , 14 December 2011

no edit summary

Confirmed users

110

edits

@@ Line 23: / Line 23: @@
 '''Use Cases'''
+* Collect ratio of SSL/TLS OK vs FAIL connections
+** This should be represented in the number of errors + version datapoints collected below
+** This is a sanity check to make sure we aren't missing some workflow
 * Collect cipher suites exchanged during handshake and negotiated cipher
 ** Ciphersuites in PSM are ordered in decreasing preference. The SSL/TLS specification says that the client should send their supported ciphersuites in this order. The server then choose the most preferred ciphersuite that it also supports.
@@ Line 33: / Line 36: @@
 ** It would be desirable to disable weak certificates. {{bug|360126}}
 * Collect SSL/TLS certificate related errors
+** We ignore NSS protocol errors
+** We will collect the exact error that NSS returns to PSM if it is a certificate error.
+** For some of these errors, we will collect additional information.
+** This will allow us to determine what type of error our users are encountering most frequently in the wild.
+** Some errors such as self-signed CA may be more worrisome than others such as invalid certificate time.
 * Collect count of TLS intolerant websites
 ** Some websites do not implement the SSL protocol correctly and there is special handling for those cases.