Fix user_agent_session_miss for ATS SSL session cache #12405
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
proxy.config.ssl.session_cache.value allows the user to configure whether OpenSSL internally manages the TLS session cache for resumption or whether ATS does via callbacks. For our user_agent_session_* metrics, we use the SSL_CTX_sess_* OpenSSL API to populate them. This works for hit, timeout, etc, for both when the session cache is managed by OpenSSL and when it is managed by ATS, with the exception of SSL_CTX_sess_misses. That metric only counts internal cache misses: > SSL_CTX_sess_misses() returns the number of sessions proposed by > clients that were not found in the internal session cache in server > mode. The result is that when ATS manages the session cache, which is the default configuration, proxy.process.ssl.user_agent_session_miss is always zero. This patch uses our ssl_session_cache_miss metric to augment the stat to be accurate for ATS-managed caching.
bneradt
force-pushed
the
fix_ssl_user_agent_session_miss_for_external_cache
branch
from
6f58e64 to
fa32d52
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
proxy.config.ssl.session_cache.value allows the user to configure whether OpenSSL internally manages the TLS session cache for resumption or whether ATS does via callbacks. For our user_agent_session_* metrics, we use the SSL_CTX_sess_* OpenSSL API to populate them. This works for hit, timeout, etc, for both when the session cache is managed by OpenSSL and when it is managed by ATS, with the exception of SSL_CTX_sess_misses. That metric only counts internal cache misses:
The result is that when ATS manages the session cache, which is the default configuration, proxy.process.ssl.user_agent_session_miss is always zero. This patch uses our ssl_session_cache_miss metric to augment the stat to be accurate for ATS-managed caching.