horok/firefox
1
0
Fork 0
Code Activity
firefox/security/manager/ssl/metrics.yaml
Daniel Baumann 5e9a113729
Adding upstream version 140.0. 
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
2025-06-25 09:37:52 +02:00

1558 lines
51 KiB
YAML
Raw Permalink Blame History

# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
# Adding a new metric? We have docs for that!
# https://firefox-source-docs.mozilla.org/toolkit/components/glean/user/new_definitions_file.html
---
$schema: moz://mozilla.org/schemas/glean/metrics/2-0-0
$tags:
- 'Core :: Security: PSM'
cert_storage:
memory:
type: memory_distribution
memory_unit: byte
description: >
Heap memory used by cert_storage.
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1910500
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1910500
data_sensitivity:
- technical
notification_emails:
- jschanck@mozilla.com
expires: 142
data_storage:
alternate_services:
type: quantity
description:
The number of entries stored in the AlternateServices nsIDataStorage
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1873080
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1873080
data_sensitivity:
- interaction
notification_emails:
- dkeeler@mozilla.com
expires: never
unit: entries
client_auth_remember_list:
type: quantity
description:
The number of entries stored in the ClientAuthRememberList nsIDataStorage
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1873080
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1873080
data_sensitivity:
- interaction
notification_emails:
- dkeeler@mozilla.com
expires: never
unit: entries
site_security_service_state:
type: quantity
description:
The number of entries stored in the SiteSecurityServiceState nsIDataStorage
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1873080
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1873080
data_sensitivity:
- interaction
notification_emails:
- dkeeler@mozilla.com
expires: never
unit: entries
tls:
certificate_verifications:
type: counter
description: >
The total number of successful TLS server certificate verifications.
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1876435
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1876435
notification_emails:
- dkeeler@mozilla.com
expires: never
xyber_intolerance_reason:
type: labeled_counter
description: >
The error that was returned from a failed TLS 1.3 handshake in which the client sent a mlkem768x25519 key share (see tlsIntoleranceTelemetryBucket() in nsNSSIOLayer.cpp).
data_sensitivity:
- technical
bugs:
- https://bugzilla.mozilla.org/1874963
- https://bugzilla.mozilla.org/1933879
data_reviews:
- https://bugzilla.mozilla.org/1874963
notification_emails:
- jschanck@mozilla.com
expires: 143
labels:
- PR_CONNECT_RESET_ERROR
- PR_END_OF_FILE_ERROR
- SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE
- SSL_ERROR_BAD_MAC_ALERT
- SSL_ERROR_BAD_MAC_READ
- SSL_ERROR_DECODE_ERROR_ALERT
- SSL_ERROR_HANDSHAKE_FAILED
- SSL_ERROR_HANDSHAKE_FAILURE_ALERT
- SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT
- SSL_ERROR_ILLEGAL_PARAMETER_ALERT
- SSL_ERROR_INTERNAL_ERROR_ALERT
- SSL_ERROR_KEY_EXCHANGE_FAILURE
- SSL_ERROR_NO_CYPHER_OVERLAP
- SSL_ERROR_PROTOCOL_VERSION_ALERT
- SSL_ERROR_RX_UNEXPECTED_RECORD_TYPE
- SSL_ERROR_RX_MALFORMED_HYBRID_KEY_SHARE
- SSL_ERROR_UNSUPPORTED_VERSION
cipher_suite:
type: custom_distribution
description: >
Negotiated cipher suite in TLS handshake (see key in AccumulateCipherSuite
in nsNSSCallbacks.cpp)
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram TLS_CIPHER_SUITE.
range_min: 0
range_max: 64
bucket_count: 65
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: TLS_CIPHER_SUITE
cert_compression:
failures:
type: labeled_counter
description:
The number of times each certificate compression algorithm returned an error.
data_sensitivity:
- interaction
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1881027
- https://bugzilla.mozilla.org/show_bug.cgi?id=1933864
data_reviews:
- https://bugzilla.mozilla.org/1881027
notification_emails:
- anna.weine@mozilla.com
expires: never
labels:
- zlib
- brotli
- zstd
verification_used_cert_from:
tls_handshake:
type: rate
description: >
How many successfully-built certificate chains used a certificate from the TLS handshake.
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1876435
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1876435
notification_emails:
- dkeeler@mozilla.com
expires: never
denominator_metric: tls.certificate_verifications
preloaded_intermediates:
type: rate
description: >
How many successfully-built certificate chains used a certificate from preloaded intermediates.
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1876435
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1876435
notification_emails:
- dkeeler@mozilla.com
expires: never
denominator_metric: tls.certificate_verifications
third_party_certificates:
type: rate
description: >
How many successfully-built certificate chains used a third-party certificate from the OS.
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1876435
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1876435
notification_emails:
- dkeeler@mozilla.com
expires: never
denominator_metric: tls.certificate_verifications
nss_cert_db:
type: rate
description: >
How many successfully-built certificate chains used a certificate from the NSS cert DB.
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1876435
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1876435
notification_emails:
- dkeeler@mozilla.com
expires: never
denominator_metric: tls.certificate_verifications
built_in_roots_module:
type: rate
description: >
How many successfully-built certificate chains used a certificate from the built-in roots module.
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1876435
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1876435
notification_emails:
- dkeeler@mozilla.com
expires: never
denominator_metric: tls.certificate_verifications
pkcs11:
third_party_modules_loaded:
type: quantity
description:
The number of third-party PKCS#11 modules loaded.
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1905453
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1905453
data_sensitivity:
- interaction
notification_emails:
- dkeeler@mozilla.com
expires: never
unit: modules
external_trust_anchor_module_loaded:
type: boolean
description:
Whether or not an external trust anchor module was loaded.
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1958977
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1958977
data_sensitivity:
- interaction
notification_emails:
- anna.weine@mozilla.com
- dkeeler@mozilla.com
expires: never
cert_verification_time:
success:
type: timing_distribution
time_unit: microsecond
description: >
The time it takes to successfully verify a certificate in a TLS handshake.
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
- https://bugzilla.mozilla.org/show_bug.cgi?id=1913794
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
- https://bugzilla.mozilla.org/show_bug.cgi?id=1913794
data_sensitivity:
- technical
notification_emails:
- seceng-telemetry@mozilla.com
- dkeeler@mozilla.com
expires: never
failure:
type: timing_distribution
time_unit: microsecond
description: >
The time it takes to fail to verify a certificate in a TLS handshake.
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
- https://bugzilla.mozilla.org/show_bug.cgi?id=1913794
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
- https://bugzilla.mozilla.org/show_bug.cgi?id=1913794
data_sensitivity:
- technical
notification_emails:
- seceng-telemetry@mozilla.com
- dkeeler@mozilla.com
expires: never
ocsp_request_time:
success:
type: timing_distribution
time_unit: millisecond
description: >
The time it takes to make an OCSP request that succeeded.
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
- https://bugzilla.mozilla.org/show_bug.cgi?id=1913794
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
- https://bugzilla.mozilla.org/show_bug.cgi?id=1913794
data_sensitivity:
- technical
notification_emails:
- seceng-telemetry@mozilla.com
- dkeeler@mozilla.com
expires: never
failure:
type: timing_distribution
time_unit: millisecond
description: >
The time it takes to make an OCSP request that failed.
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
- https://bugzilla.mozilla.org/show_bug.cgi?id=1913794
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
- https://bugzilla.mozilla.org/show_bug.cgi?id=1913794
data_sensitivity:
- technical
notification_emails:
- seceng-telemetry@mozilla.com
- dkeeler@mozilla.com
expires: never
cancel:
type: timing_distribution
time_unit: millisecond
description: >
The time it takes to make an OCSP request that was cancelled.
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
- https://bugzilla.mozilla.org/show_bug.cgi?id=1913794
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
- https://bugzilla.mozilla.org/show_bug.cgi?id=1913794
data_sensitivity:
- technical
notification_emails:
- seceng-telemetry@mozilla.com
- dkeeler@mozilla.com
expires: never
networking:
nss_initialization:
type: quantity
description: >
The time in milliseconds to initialize the NSS component in the
parent process.
This metric was generated to correspond to the Legacy Telemetry
scalar networking.nss_initialization.
bugs:
- https://bugzil.la/1628734
data_reviews:
- https://bugzil.la/1628734
notification_emails:
- mconley@mozilla.com
- dkeeler@mozilla.com
expires: never
unit: millisecond
telemetry_mirror: NETWORKING_NSS_INITIALIZATION
loading_certs_task:
type: quantity
description: >
The time in milliseconds to load any external certificates. This
occurs off of the main-thread, but can block main-thread operations.
This metric was generated to correspond to the Legacy Telemetry
scalar networking.loading_certs_task.
bugs:
- https://bugzil.la/1628734
data_reviews:
- https://bugzil.la/1628734
notification_emails:
- mconley@mozilla.com
- dkeeler@mozilla.com
expires: never
unit: millisecond
telemetry_mirror: NETWORKING_LOADING_CERTS_TASK
security:
client_auth_cert_usage:
type: labeled_counter
description: >
Measures how many servers have requested a client authentication
certificate (key: "requested") and how many times the user has opted
to send one in response (key: "sent").
This metric was generated to correspond to the Legacy Telemetry
scalar security.client_auth_cert_usage.
bugs:
- https://bugzil.la/1749884
data_reviews:
- https://bugzil.la/1749884
notification_emails:
- dkeeler@mozilla.com
expires: never
telemetry_mirror: SECURITY_CLIENT_AUTH_CERT_USAGE
addon_signature_verification_status:
type: custom_distribution
description: >
Records the result of App Signature Verification. See the comments in
OpenSignedAppFile.
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram ADDON_SIGNATURE_VERIFICATION_STATUS.
range_min: 0
range_max: 32
bucket_count: 33
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1771523
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1771523
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: ADDON_SIGNATURE_VERIFICATION_STATUS
content_signature_verification_status:
type: custom_distribution
description: >
What was the result of the content signature verification? 0=valid,
1=invalid, 2=noCertChain, 3=createContextFailedWithOtherError,
4=expiredCert, 5=certNotValidYet, 6=buildCertChainFailed,
7=eeCertForWrongHost, 8=extractKeyError, 9=vfyContextError
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram CONTENT_SIGNATURE_VERIFICATION_STATUS.
range_min: 0
range_max: 20
bucket_count: 21
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1258647
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1258647
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: CONTENT_SIGNATURE_VERIFICATION_STATUS
ntlm_module_used:
type: custom_distribution
description: >
The module used for the NTLM protocol (Windows_API, Kerberos, Samba_auth
or Generic) and whether or not the authentication was used to connect to a
proxy server. This data is collected only once per session (at first NTLM
authentification) ; fixed version.
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram NTLM_MODULE_USED_2.
range_min: 0
range_max: 8
bucket_count: 9
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1956726
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1956726
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: NTLM_MODULE_USED_2
cert:
ev_status:
type: custom_distribution
description: >
EV status of a certificate, recorded on each TLS connection. 0=invalid,
1=DV, 2=EV
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram CERT_EV_STATUS.
range_min: 0
range_max: 10
bucket_count: 11
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1254653
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1254653
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: CERT_EV_STATUS
validation_success_by_ca:
type: custom_distribution
description: >
Successful SSL server cert validations by CA (see RootHashes.inc for names
of CAs)
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram CERT_VALIDATION_SUCCESS_BY_CA_2.
range_min: 0
range_max: 256
bucket_count: 257
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1364159
- https://bugzilla.mozilla.org/show_bug.cgi?id=1369747
- https://bugzilla.mozilla.org/show_bug.cgi?id=1441550
- https://bugzilla.mozilla.org/show_bug.cgi?id=1909978
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1364159
- https://bugzilla.mozilla.org/show_bug.cgi?id=1369747
- https://bugzilla.mozilla.org/show_bug.cgi?id=1441550
- https://bugzilla.mozilla.org/show_bug.cgi?id=1909978
notification_emails:
- seceng-telemetry@mozilla.com
- dkeeler@mozilla.com
expires: never
telemetry_mirror: CERT_VALIDATION_SUCCESS_BY_CA_2
chain_key_size_status:
type: custom_distribution
description: >
Does enforcing a larger minimum RSA key size cause verification failures?
1 = no, 2 = yes, 3 = another error prevented finding a verified chain
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram CERT_CHAIN_KEY_SIZE_STATUS.
range_min: 0
range_max: 4
bucket_count: 5
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: CERT_CHAIN_KEY_SIZE_STATUS
validation_http_request_result:
type: custom_distribution
description: >
HTTP result of OCSP, etc.. (0=canceled, 1=OK, 2=FAILED, 3=internal-error)
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram CERT_VALIDATION_HTTP_REQUEST_RESULT.
range_min: 0
range_max: 16
bucket_count: 17
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: CERT_VALIDATION_HTTP_REQUEST_RESULT
cert_pinning:
failures_by_ca:
type: custom_distribution
description: >
Pinning failures by CA (see RootHashes.inc for names of CAs)
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram CERT_PINNING_FAILURES_BY_CA_2.
range_min: 0
range_max: 256
bucket_count: 257
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
- https://bugzilla.mozilla.org/show_bug.cgi?id=1909978
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
- https://bugzilla.mozilla.org/show_bug.cgi?id=1909978
notification_emails:
- pinning@mozilla.org
- dkeeler@mozilla.com
expires: never
telemetry_mirror: CERT_PINNING_FAILURES_BY_CA_2
results:
type: labeled_counter
description: >
Certificate pinning results (0 = failure, 1 = success)
This metric was generated to correspond to the Legacy Telemetry boolean
histogram CERT_PINNING_RESULTS.
labels:
- "false"
- "true"
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
notification_emails:
- pinning@mozilla.org
expires: never
telemetry_mirror: h#CERT_PINNING_RESULTS
test_results:
type: labeled_counter
description: >
Certificate pinning test results (0 = failure, 1 = success)
This metric was generated to correspond to the Legacy Telemetry boolean
histogram CERT_PINNING_TEST_RESULTS.
labels:
- "false"
- "true"
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
notification_emails:
- pinning@mozilla.org
expires: never
telemetry_mirror: h#CERT_PINNING_TEST_RESULTS
moz_results_by_host:
type: custom_distribution
description: >
Certificate pinning results by host for Mozilla operational sites
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram CERT_PINNING_MOZ_RESULTS_BY_HOST.
range_min: 0
range_max: 512
bucket_count: 513
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1007844
- https://bugzilla.mozilla.org/show_bug.cgi?id=1521940
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1007844
- https://bugzilla.mozilla.org/show_bug.cgi?id=1521940
notification_emails:
- dkeeler@mozilla.com
- pinning@mozilla.org
expires: never
telemetry_mirror: CERT_PINNING_MOZ_RESULTS_BY_HOST
moz_test_results_by_host:
type: custom_distribution
description: >
Certificate pinning test results by host for Mozilla operational sites
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram CERT_PINNING_MOZ_TEST_RESULTS_BY_HOST.
range_min: 0
range_max: 512
bucket_count: 513
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1007844
- https://bugzilla.mozilla.org/show_bug.cgi?id=1521940
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1007844
- https://bugzilla.mozilla.org/show_bug.cgi?id=1521940
notification_emails:
- dkeeler@mozilla.com
- pinning@mozilla.org
expires: never
telemetry_mirror: CERT_PINNING_MOZ_TEST_RESULTS_BY_HOST
ssl_handshake:
version:
type: custom_distribution
description: >
Negotiated SSL Version (1=tls1, 2=tls1.1, 3=tls1.2, 4=tls1.3)
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_HANDSHAKE_VERSION.
range_min: 0
range_max: 16
bucket_count: 17
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1250568
- https://bugzilla.mozilla.org/show_bug.cgi?id=1340021
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1250568
- https://bugzilla.mozilla.org/show_bug.cgi?id=1340021
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_HANDSHAKE_VERSION
privacy:
type: custom_distribution
description: >
0th bit - TLS13 used? 1th bit - Revocation Privacy, 2nd bit - DNS Privacy,
3rd bit - ECH Privacy
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_HANDSHAKE_PRIVACY.
range_min: 0
range_max: 16
bucket_count: 17
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1788290
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1788290
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_HANDSHAKE_PRIVACY
result:
type: custom_distribution
description: >
SSL handshake result, 0=success, 1-255=NSS error offset, 256-511=SEC error
offset + 256, 512-639=NSPR error offset + 512, 640-670=PKIX error,
671=unknown err
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_HANDSHAKE_RESULT.
range_min: 0
range_max: 672
bucket_count: 673
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1331280
- https://bugzilla.mozilla.org/show_bug.cgi?id=1340021
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1331280
- https://bugzilla.mozilla.org/show_bug.cgi?id=1340021
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_HANDSHAKE_RESULT
result_first_try:
type: custom_distribution
description: >
SSL handshake result for first-try connections, 0=success, 1-255=NSS error
offset, 256-511=SEC error offset + 256, 512-639=NSPR error offset + 512,
640-670=PKIX error, 671=unknown err
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_HANDSHAKE_RESULT_FIRST_TRY.
range_min: 0
range_max: 672
bucket_count: 673
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1780014
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1780014
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_HANDSHAKE_RESULT_FIRST_TRY
result_conservative:
type: custom_distribution
description: >
SSL handshake result for conservative mode connections, 0=success,
1-255=NSS error offset, 256-511=SEC error offset + 256, 512-639=NSPR error
offset + 512, 640-670=PKIX error, 671=unknown err
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_HANDSHAKE_RESULT_CONSERVATIVE.
range_min: 0
range_max: 672
bucket_count: 673
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1780014
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1780014
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_HANDSHAKE_RESULT_CONSERVATIVE
result_ech:
type: custom_distribution
description: >
SSL handshake result for connections which used ECH 'Real', 0=success,
1-255=NSS error offset, 256-511=SEC error offset + 256, 512-639=NSPR error
offset + 512, 640-670=PKIX error, 671=unknown err
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_HANDSHAKE_RESULT_ECH.
range_min: 0
range_max: 672
bucket_count: 673
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1771479
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1771479
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_HANDSHAKE_RESULT_ECH
result_ech_grease:
type: custom_distribution
description: >
SSL handshake result for connections which used ECH GREASE, 0=success,
1-255=NSS error offset, 256-511=SEC error offset + 256, 512-639=NSPR error
offset + 512, 640-670=PKIX error, 671=unknown err
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_HANDSHAKE_RESULT_ECH_GREASE.
range_min: 0
range_max: 672
bucket_count: 673
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1771479
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1771479
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_HANDSHAKE_RESULT_ECH_GREASE
completed:
type: custom_distribution
description: >
Type of handshake (1=resumption, 2=false started, 3=chose not to false
start, 4=not allowed to false start)
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_HANDSHAKE_TYPE.
range_min: 0
range_max: 8
bucket_count: 9
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_HANDSHAKE_TYPE
ssl:
time_until_ready:
type: timing_distribution
description: >
ms of SSL wait time including TCP and proxy tunneling
This metric was generated to correspond to the Legacy Telemetry
exponential histogram SSL_TIME_UNTIL_READY.
time_unit: millisecond
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1340021
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1340021
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_TIME_UNTIL_READY
time_until_ready_first_try:
type: timing_distribution
description: >
ms of SSL wait time including TCP and proxy tunneling for first-try
connections
This metric was generated to correspond to the Legacy Telemetry
exponential histogram SSL_TIME_UNTIL_READY_FIRST_TRY.
time_unit: millisecond
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1340021
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1340021
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_TIME_UNTIL_READY_FIRST_TRY
time_until_ready_conservative:
type: timing_distribution
description: >
ms of SSL wait time including TCP and proxy tunneling for
conservative-mode connections
This metric was generated to correspond to the Legacy Telemetry
exponential histogram SSL_TIME_UNTIL_READY_CONSERVATIVE.
time_unit: millisecond
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1340021
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1340021
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_TIME_UNTIL_READY_CONSERVATIVE
time_until_ready_ech:
type: timing_distribution
description: >
ms of SSL wait time including TCP and proxy tunneling for connections
using ECH 'Real'
This metric was generated to correspond to the Legacy Telemetry
exponential histogram SSL_TIME_UNTIL_READY_ECH.
time_unit: millisecond
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1771479
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1771479
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_TIME_UNTIL_READY_ECH
time_until_ready_ech_grease:
type: timing_distribution
description: >
ms of SSL wait time including TCP and proxy tunneling for connections
using ECH GREASE
This metric was generated to correspond to the Legacy Telemetry
exponential histogram SSL_TIME_UNTIL_READY_ECH_GREASE.
time_unit: millisecond
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1771479
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1771479
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_TIME_UNTIL_READY_ECH_GREASE
time_until_handshake_finished_keyed_by_ka:
type: labeled_timing_distribution
description: >
ms of SSL wait time for full handshake including TCP and proxy tunneling,
keyed by the key exchange algorithm used
This metric was generated to correspond to the Legacy Telemetry
exponential histogram SSL_TIME_UNTIL_HANDSHAKE_FINISHED_KEYED_BY_KA.
time_unit: millisecond
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1340021
- https://bugzilla.mozilla.org/show_bug.cgi?id=1513839
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1340021
- https://bugzilla.mozilla.org/show_bug.cgi?id=1513839
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_TIME_UNTIL_HANDSHAKE_FINISHED_KEYED_BY_KA
bytes_before_cert_callback:
type: memory_distribution
description: >
plaintext bytes read before a server certificate authenticated
This metric was generated to correspond to the Legacy Telemetry
exponential histogram SSL_BYTES_BEFORE_CERT_CALLBACK.
memory_unit: byte
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_BYTES_BEFORE_CERT_CALLBACK
npn_type:
type: custom_distribution
description: >
NPN Results (0=none, 1=negotiated, 2=no-overlap, 3=selected(alpn))
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_NPN_TYPE.
range_min: 0
range_max: 16
bucket_count: 17
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1935420
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1935420
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_NPN_TYPE
resumed_session:
type: labeled_counter
description: >
complete TLS connect that used TLS Session Resumption (collected at same
time as SSL_TIME_UNTIL_HANDSHAKE_FINISHED)
This metric was generated to correspond to the Legacy Telemetry boolean
histogram SSL_RESUMED_SESSION.
labels:
- "false"
- "true"
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1340021
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1340021
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: h#SSL_RESUMED_SESSION
key_exchange_algorithm_full:
type: custom_distribution
description: >
SSL Handshake Key Exchange Algorithm for full handshake (null=0, rsa=1,
dh=2, fortezza=3, ecdh=4)
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_KEY_EXCHANGE_ALGORITHM_FULL.
range_min: 0
range_max: 16
bucket_count: 17
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_KEY_EXCHANGE_ALGORITHM_FULL
key_exchange_algorithm_resumed:
type: custom_distribution
description: >
SSL Handshake Key Exchange Algorithm for resumed handshake (null=0, rsa=1,
dh=2, fortezza=3, ecdh=4)
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_KEY_EXCHANGE_ALGORITHM_RESUMED.
range_min: 0
range_max: 16
bucket_count: 17
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_KEY_EXCHANGE_ALGORITHM_RESUMED
tls13_intolerance_reason_pre:
type: custom_distribution
description: >
Potential TLS 1.3 intolerance, before considering historical info (see
tlsIntoleranceTelemetryBucket() in nsNSSIOLayer.cpp).
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_TLS13_INTOLERANCE_REASON_PRE.
range_min: 0
range_max: 64
bucket_count: 65
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1250568
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1250568
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_TLS13_INTOLERANCE_REASON_PRE
tls13_intolerance_reason_post:
type: custom_distribution
description: >
Potential TLS 1.3 intolerance, after considering historical info (see
tlsIntoleranceTelemetryBucket() in nsNSSIOLayer.cpp).
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_TLS13_INTOLERANCE_REASON_POST.
range_min: 0
range_max: 64
bucket_count: 65
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1250568
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1250568
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_TLS13_INTOLERANCE_REASON_POST
tls12_intolerance_reason_pre:
type: custom_distribution
description: >
Potential TLS 1.2 intolerance, before considering historical info (see
tlsIntoleranceTelemetryBucket() in nsNSSIOLayer.cpp).
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_TLS12_INTOLERANCE_REASON_PRE.
range_min: 0
range_max: 64
bucket_count: 65
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1935420
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1935420
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_TLS12_INTOLERANCE_REASON_PRE
tls12_intolerance_reason_post:
type: custom_distribution
description: >
Potential TLS 1.2 intolerance, after considering historical info (see
tlsIntoleranceTelemetryBucket() in nsNSSIOLayer.cpp).
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_TLS12_INTOLERANCE_REASON_POST.
range_min: 0
range_max: 64
bucket_count: 65
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1935420
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1935420
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_TLS12_INTOLERANCE_REASON_POST
tls11_intolerance_reason_pre:
type: custom_distribution
description: >
Potential TLS 1.1 intolerance, before considering historical info (see
tlsIntoleranceTelemetryBucket() in nsNSSIOLayer.cpp).
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_TLS11_INTOLERANCE_REASON_PRE.
range_min: 0
range_max: 64
bucket_count: 65
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1935420
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1935420
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_TLS11_INTOLERANCE_REASON_PRE
tls11_intolerance_reason_post:
type: custom_distribution
description: >
Potential TLS 1.1 intolerance, after considering historical info (see
tlsIntoleranceTelemetryBucket() in nsNSSIOLayer.cpp).
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_TLS11_INTOLERANCE_REASON_POST.
range_min: 0
range_max: 64
bucket_count: 65
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1935420
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1935420
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_TLS11_INTOLERANCE_REASON_POST
tls10_intolerance_reason_pre:
type: custom_distribution
description: >
Potential TLS 1.0 intolerance, before considering historical info (see
tlsIntoleranceTelemetryBucket() in nsNSSIOLayer.cpp).
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_TLS10_INTOLERANCE_REASON_PRE.
range_min: 0
range_max: 64
bucket_count: 65
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1935420
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1935420
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_TLS10_INTOLERANCE_REASON_PRE
tls10_intolerance_reason_post:
type: custom_distribution
description: >
Potential TLS 1.0 intolerance, after considering historical info (see
tlsIntoleranceTelemetryBucket() in nsNSSIOLayer.cpp).
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_TLS10_INTOLERANCE_REASON_POST.
range_min: 0
range_max: 64
bucket_count: 65
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1935420
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1935420
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_TLS10_INTOLERANCE_REASON_POST
version_fallback_inappropriate:
type: custom_distribution
description: >
TLS/SSL version intolerance was falsely detected, server rejected
handshake (see tlsIntoleranceTelemetryBucket() in nsNSSIOLayer.cpp).
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_VERSION_FALLBACK_INAPPROPRIATE.
range_min: 0
range_max: 64
bucket_count: 65
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1935420
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1935420
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_VERSION_FALLBACK_INAPPROPRIATE
kea_rsa_key_size_full:
type: custom_distribution
description: >
RSA KEA (TLS_RSA_*) key size in full handshake
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_KEA_RSA_KEY_SIZE_FULL.
range_min: 0
range_max: 24
bucket_count: 25
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_KEA_RSA_KEY_SIZE_FULL
kea_dhe_key_size_full:
type: custom_distribution
description: >
DHE KEA (TLS_DHE_*) key size in full handshake
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_KEA_DHE_KEY_SIZE_FULL.
range_min: 0
range_max: 24
bucket_count: 25
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_KEA_DHE_KEY_SIZE_FULL
kea_ecdhe_curve_full:
type: custom_distribution
description: >
ECDHE KEA (TLS_ECDHE_*) curve (23=P-256, 24=P-384, 25=P-521,
29=Curve25519) in full handshake
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_KEA_ECDHE_CURVE_FULL.
range_min: 0
range_max: 36
bucket_count: 37
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_KEA_ECDHE_CURVE_FULL
auth_algorithm_full:
type: custom_distribution
description: >
SSL Authentication Algorithm (null=0, rsa(KEA)=1, ecdsa=4, rsa(sign)=7) in
full handshake
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_AUTH_ALGORITHM_FULL.
range_min: 0
range_max: 16
bucket_count: 17
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_AUTH_ALGORITHM_FULL
auth_rsa_key_size_full:
type: custom_distribution
description: >
RSA signature key size for TLS_*_RSA_* in full handshake
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_AUTH_RSA_KEY_SIZE_FULL.
range_min: 0
range_max: 24
bucket_count: 25
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_AUTH_RSA_KEY_SIZE_FULL
auth_ecdsa_curve_full:
type: custom_distribution
description: >
ECDSA signature curve for TLS_*_ECDSA_* in full handshake (23=P-256,
24=P-384, 25=P-521)
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_AUTH_ECDSA_CURVE_FULL.
range_min: 0
range_max: 36
bucket_count: 37
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_AUTH_ECDSA_CURVE_FULL
reasons_for_not_false_starting:
type: custom_distribution
description: >
Bitmask of reasons we did not false start when libssl would have let us
(see key in nsNSSCallbacks.cpp)
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_REASONS_FOR_NOT_FALSE_STARTING.
range_min: 0
range_max: 512
bucket_count: 513
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_REASONS_FOR_NOT_FALSE_STARTING
ocsp_stapling:
type: custom_distribution
description: >
Status of OCSP stapling on this handshake (1=present, good; 2=none;
3=present, expired; 4=present, other error)
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_OCSP_STAPLING.
range_min: 0
range_max: 8
bucket_count: 9
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_OCSP_STAPLING
cert_error_overrides:
type: custom_distribution
description: >
Was a certificate error overridden on this handshake? What was it?
(0=unknown error (indicating bug), 1=no, >1=a specific error)
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_CERT_ERROR_OVERRIDES.
range_min: 0
range_max: 24
bucket_count: 25
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_CERT_ERROR_OVERRIDES
cert_verification_errors:
type: custom_distribution
description: >
If certificate verification failed in a TLS handshake, what was the error?
(see MapCertErrorToProbeValue in
security/manager/ssl/SSLServerCertVerification.cpp and the values in
security/pkix/include/pkix/Result.h)
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_CERT_VERIFICATION_ERRORS.
range_min: 0
range_max: 100
bucket_count: 101
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1503572
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1503572
notification_emails:
- jhofmann@mozilla.com
- rtestard@mozilla.com
- seceng@mozilla.org
expires: never
telemetry_mirror: SSL_CERT_VERIFICATION_ERRORS
ct_policy_non_compliant_connections_by_ca:
type: custom_distribution
description: |
Number of successfully established TLS connections NOT compliant with the Certificate Transparency Policy, by CA. See https://searchfox.org/mozilla-central/source/security/manager/ssl/RootHashes.inc for names of CAs. Bucket zero holds CAs not present in the list.
This metric was generated to correspond to the Legacy Telemetry enumerated histogram SSL_CT_POLICY_NON_COMPLIANT_CONNECTIONS_BY_CA_2.
range_min: 0
range_max: 256
bucket_count: 257
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1320567
- https://bugzilla.mozilla.org/show_bug.cgi?id=1909978
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1320567
- https://bugzilla.mozilla.org/show_bug.cgi?id=1909978
notification_emails:
- seceng-telemetry@mozilla.com
- dkeeler@mozilla.com
expires: never
telemetry_mirror: SSL_CT_POLICY_NON_COMPLIANT_CONNECTIONS_BY_CA_2
permanent_cert_error_overrides:
type: custom_distribution
description: >
How many permanent certificate overrides a user has stored.
This metric was generated to correspond to the Legacy Telemetry
exponential histogram SSL_PERMANENT_CERT_ERROR_OVERRIDES.
range_min: 1
range_max: 1024
bucket_count: 10
histogram_type: exponential
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1862062
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_PERMANENT_CERT_ERROR_OVERRIDES
scts_origin:
type: custom_distribution
description: >
Origin of Signed Certificate Timestamps received (1=Embedded, 2=TLS
handshake extension, 3=Stapled OCSP response)
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_SCTS_ORIGIN.
range_min: 0
range_max: 10
bucket_count: 11
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1293231
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1293231
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_SCTS_ORIGIN
scts_per_connection:
type: custom_distribution
description: >
Histogram of Signed Certificate Timestamps per SSL connection, from all
sources (embedded / OCSP Stapling / TLS handshake). Bucket 0 counts the
cases when no SCTs were received, or none were extracted due to parsing
errors.
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_SCTS_PER_CONNECTION.
range_min: 0
range_max: 10
bucket_count: 11
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1293231
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1293231
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_SCTS_PER_CONNECTION
scts_verification_status:
type: custom_distribution
description: >
Verification status of Signed Certificate Timestamps received (0=Decoding
error, 1=Valid SCT, 2=SCT from unknown log, 3=Invalid SCT signature, 4=SCT
timestamp is in the future, 5=Valid SCT from a disqualified log)
This metric was generated to correspond to the Legacy Telemetry enumerated
histogram SSL_SCTS_VERIFICATION_STATUS.
range_min: 0
range_max: 10
bucket_count: 11
histogram_type: linear
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1293231
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1293231
notification_emails:
- seceng-telemetry@mozilla.com
expires: never
telemetry_mirror: SSL_SCTS_VERIFICATION_STATUS
View git blame Copy permalink