Skip to content
This repository was archived by the owner on Jul 9, 2025. It is now read-only.

Commit c2d3df7

Browse files
committed
Bug 1944631 - Migrate histograms to use Glean APIs for SSL_HANDSHAKE_*, r=chutten.
Differential Revision: https://phabricator.services.mozilla.com/D235665
1 parent f6a0d56 commit c2d3df7

File tree

4 files changed

+185
-8
lines changed

4 files changed

+185
-8
lines changed

security/manager/ssl/NSSSocketControl.cpp

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -147,7 +147,7 @@ void NSSSocketControl::SetHandshakeCompleted() {
147147
// that means that TLS session resumption must have been used.
148148
Telemetry::Accumulate(Telemetry::SSL_RESUMED_SESSION,
149149
handshakeType == Resumption);
150-
Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_TYPE, handshakeType);
150+
glean::ssl_handshake::completed.AccumulateSingleSample(handshakeType);
151151
}
152152

153153
// Remove the plaintext layer as it is not needed anymore.

security/manager/ssl/metrics.yaml

Lines changed: 177 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -559,3 +559,180 @@ cert_pinning:
559559
- pinning@mozilla.org
560560
expires: never
561561
telemetry_mirror: CERT_PINNING_MOZ_TEST_RESULTS_BY_HOST
562+
563+
ssl_handshake:
564+
version:
565+
type: custom_distribution
566+
description: >
567+
Negotiated SSL Version (1=tls1, 2=tls1.1, 3=tls1.2, 4=tls1.3)
568+
569+
This metric was generated to correspond to the Legacy Telemetry enumerated
570+
histogram SSL_HANDSHAKE_VERSION.
571+
range_min: 0
572+
range_max: 16
573+
bucket_count: 17
574+
histogram_type: linear
575+
bugs:
576+
- https://bugzilla.mozilla.org/show_bug.cgi?id=1250568
577+
- https://bugzilla.mozilla.org/show_bug.cgi?id=1340021
578+
data_reviews:
579+
- https://bugzilla.mozilla.org/show_bug.cgi?id=1250568
580+
- https://bugzilla.mozilla.org/show_bug.cgi?id=1340021
581+
notification_emails:
582+
- seceng-telemetry@mozilla.com
583+
expires: never
584+
telemetry_mirror: SSL_HANDSHAKE_VERSION
585+
586+
privacy:
587+
type: custom_distribution
588+
description: >
589+
0th bit - TLS13 used? 1th bit - Revocation Privacy, 2nd bit - DNS Privacy,
590+
3rd bit - ECH Privacy
591+
592+
This metric was generated to correspond to the Legacy Telemetry enumerated
593+
histogram SSL_HANDSHAKE_PRIVACY.
594+
range_min: 0
595+
range_max: 16
596+
bucket_count: 17
597+
histogram_type: linear
598+
bugs:
599+
- https://bugzilla.mozilla.org/show_bug.cgi?id=1788290
600+
data_reviews:
601+
- https://bugzilla.mozilla.org/show_bug.cgi?id=1788290
602+
notification_emails:
603+
- seceng-telemetry@mozilla.com
604+
expires: never
605+
telemetry_mirror: SSL_HANDSHAKE_PRIVACY
606+
607+
result:
608+
type: custom_distribution
609+
description: >
610+
SSL handshake result, 0=success, 1-255=NSS error offset, 256-511=SEC error
611+
offset + 256, 512-639=NSPR error offset + 512, 640-670=PKIX error,
612+
671=unknown err
613+
614+
This metric was generated to correspond to the Legacy Telemetry enumerated
615+
histogram SSL_HANDSHAKE_RESULT.
616+
range_min: 0
617+
range_max: 672
618+
bucket_count: 673
619+
histogram_type: linear
620+
bugs:
621+
- https://bugzilla.mozilla.org/show_bug.cgi?id=1331280
622+
- https://bugzilla.mozilla.org/show_bug.cgi?id=1340021
623+
data_reviews:
624+
- https://bugzilla.mozilla.org/show_bug.cgi?id=1331280
625+
- https://bugzilla.mozilla.org/show_bug.cgi?id=1340021
626+
notification_emails:
627+
- seceng-telemetry@mozilla.com
628+
expires: never
629+
telemetry_mirror: SSL_HANDSHAKE_RESULT
630+
631+
result_first_try:
632+
type: custom_distribution
633+
description: >
634+
SSL handshake result for first-try connections, 0=success, 1-255=NSS error
635+
offset, 256-511=SEC error offset + 256, 512-639=NSPR error offset + 512,
636+
640-670=PKIX error, 671=unknown err
637+
638+
This metric was generated to correspond to the Legacy Telemetry enumerated
639+
histogram SSL_HANDSHAKE_RESULT_FIRST_TRY.
640+
range_min: 0
641+
range_max: 672
642+
bucket_count: 673
643+
histogram_type: linear
644+
bugs:
645+
- https://bugzilla.mozilla.org/show_bug.cgi?id=1780014
646+
data_reviews:
647+
- https://bugzilla.mozilla.org/show_bug.cgi?id=1780014
648+
notification_emails:
649+
- seceng-telemetry@mozilla.com
650+
expires: never
651+
telemetry_mirror: SSL_HANDSHAKE_RESULT_FIRST_TRY
652+
653+
result_conservative:
654+
type: custom_distribution
655+
description: >
656+
SSL handshake result for conservative mode connections, 0=success,
657+
1-255=NSS error offset, 256-511=SEC error offset + 256, 512-639=NSPR error
658+
offset + 512, 640-670=PKIX error, 671=unknown err
659+
660+
This metric was generated to correspond to the Legacy Telemetry enumerated
661+
histogram SSL_HANDSHAKE_RESULT_CONSERVATIVE.
662+
range_min: 0
663+
range_max: 672
664+
bucket_count: 673
665+
histogram_type: linear
666+
bugs:
667+
- https://bugzilla.mozilla.org/show_bug.cgi?id=1780014
668+
data_reviews:
669+
- https://bugzilla.mozilla.org/show_bug.cgi?id=1780014
670+
notification_emails:
671+
- seceng-telemetry@mozilla.com
672+
expires: never
673+
telemetry_mirror: SSL_HANDSHAKE_RESULT_CONSERVATIVE
674+
675+
result_ech:
676+
type: custom_distribution
677+
description: >
678+
SSL handshake result for connections which used ECH 'Real', 0=success,
679+
1-255=NSS error offset, 256-511=SEC error offset + 256, 512-639=NSPR error
680+
offset + 512, 640-670=PKIX error, 671=unknown err
681+
682+
This metric was generated to correspond to the Legacy Telemetry enumerated
683+
histogram SSL_HANDSHAKE_RESULT_ECH.
684+
range_min: 0
685+
range_max: 672
686+
bucket_count: 673
687+
histogram_type: linear
688+
bugs:
689+
- https://bugzilla.mozilla.org/show_bug.cgi?id=1771479
690+
data_reviews:
691+
- https://bugzilla.mozilla.org/show_bug.cgi?id=1771479
692+
notification_emails:
693+
- seceng-telemetry@mozilla.com
694+
expires: never
695+
telemetry_mirror: SSL_HANDSHAKE_RESULT_ECH
696+
697+
result_ech_grease:
698+
type: custom_distribution
699+
description: >
700+
SSL handshake result for connections which used ECH GREASE, 0=success,
701+
1-255=NSS error offset, 256-511=SEC error offset + 256, 512-639=NSPR error
702+
offset + 512, 640-670=PKIX error, 671=unknown err
703+
704+
This metric was generated to correspond to the Legacy Telemetry enumerated
705+
histogram SSL_HANDSHAKE_RESULT_ECH_GREASE.
706+
range_min: 0
707+
range_max: 672
708+
bucket_count: 673
709+
histogram_type: linear
710+
bugs:
711+
- https://bugzilla.mozilla.org/show_bug.cgi?id=1771479
712+
data_reviews:
713+
- https://bugzilla.mozilla.org/show_bug.cgi?id=1771479
714+
notification_emails:
715+
- seceng-telemetry@mozilla.com
716+
expires: never
717+
telemetry_mirror: SSL_HANDSHAKE_RESULT_ECH_GREASE
718+
719+
completed:
720+
type: custom_distribution
721+
description: >
722+
Type of handshake (1=resumption, 2=false started, 3=chose not to false
723+
start, 4=not allowed to false start)
724+
725+
This metric was generated to correspond to the Legacy Telemetry enumerated
726+
histogram SSL_HANDSHAKE_TYPE.
727+
range_min: 0
728+
range_max: 8
729+
bucket_count: 9
730+
histogram_type: linear
731+
bugs:
732+
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
733+
data_reviews:
734+
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
735+
notification_emails:
736+
- seceng-telemetry@mozilla.com
737+
expires: never
738+
telemetry_mirror: SSL_HANDSHAKE_TYPE

security/manager/ssl/nsNSSCallbacks.cpp

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1011,7 +1011,7 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
10111011
// 1=tls1, 2=tls1.1, 3=tls1.2, 4=tls1.3
10121012
unsigned int versionEnum = channelInfo.protocolVersion & 0xFF;
10131013
MOZ_ASSERT(versionEnum > 0);
1014-
Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_VERSION, versionEnum);
1014+
glean::ssl_handshake::version.AccumulateSingleSample(versionEnum);
10151015

10161016
SSLCipherSuiteInfo cipherInfo;
10171017
rv = SSL_GetCipherSuiteInfo(channelInfo.cipherSuite, &cipherInfo,

security/manager/ssl/nsNSSIOLayer.cpp

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -571,24 +571,24 @@ static void reportHandshakeResult(int32_t bytesTransferred, bool wasReading,
571571

572572
uint32_t flags = socketInfo->GetProviderFlags();
573573
if (!(flags & nsISocketProvider::IS_RETRY)) {
574-
Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_RESULT_FIRST_TRY, bucket);
574+
glean::ssl_handshake::result_first_try.AccumulateSingleSample(bucket);
575575
}
576576

577577
if (flags & nsISocketProvider::BE_CONSERVATIVE) {
578-
Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_RESULT_CONSERVATIVE, bucket);
578+
glean::ssl_handshake::result_conservative.AccumulateSingleSample(bucket);
579579
}
580580

581581
switch (socketInfo->GetEchExtensionStatus()) {
582582
case EchExtensionStatus::kGREASE:
583-
Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_RESULT_ECH_GREASE, bucket);
583+
glean::ssl_handshake::result_ech_grease.AccumulateSingleSample(bucket);
584584
break;
585585
case EchExtensionStatus::kReal:
586-
Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_RESULT_ECH, bucket);
586+
glean::ssl_handshake::result_ech.AccumulateSingleSample(bucket);
587587
break;
588588
default:
589589
break;
590590
}
591-
Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_RESULT, bucket);
591+
glean::ssl_handshake::result.AccumulateSingleSample(bucket);
592592

593593
if (bucket == 0) {
594594
nsCOMPtr<nsITransportSecurityInfo> securityInfo;
@@ -622,7 +622,7 @@ static void reportHandshakeResult(int32_t bytesTransferred, bool wasReading,
622622
TLSPrivacyResult |= usedPrivateDNS << 2;
623623
TLSPrivacyResult |= usedECH << 3;
624624

625-
Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_PRIVACY, TLSPrivacyResult);
625+
glean::ssl_handshake::privacy.AccumulateSingleSample(TLSPrivacyResult);
626626
}
627627
}
628628
}

0 commit comments

Comments
 (0)