Page MenuHomePhabricator

ATS lacks the possibility of reporting SSL stats to an origin server via HTTP Headers
Closed, ResolvedPublic


Our current nginx setup as TLS terminator reports several SSL stats to varnish using the HTTP Header X-Connection-Properties:

proxy_set_header X-Connection-Properties "H2=$h2; SSR=$session_reused; SSL=$ssl_protocol; C=$ssl_cipher; EC=$ssl_ecdhe_curve;";

ATS currently doesn't support this feature but it should be easily implementable because they already track several stats:

the SSL stats should be exposed via the API to the Lua plugin and the Elliptic Curve stat must be implemented

Event Timeline

Vgutierrez triaged this task as Medium priority.Jul 16 2019, 5:32 AM
Vgutierrez created this task.
ayounsi removed a subscriber: ayounsi.Jul 16 2019, 5:32 AM

Two PRs have been submitted to upstream:

Implement logging of SSL Elliptic Curve used: has been already merged into master. The API proposal part of is being currently discussed in

ema moved this task from Triage to TLS on the Traffic board.Jul 17 2019, 9:36 AM

Change 528984 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/debs/trafficserver@master] Backport commits required to report SSL stats to an origin server

Change 528984 merged by Vgutierrez:
[operations/debs/trafficserver@master] Backport commits required to report SSL stats to an origin server

Mentioned in SAL (#wikimedia-operations) [2019-08-09T07:31:45Z] <vgutierrez> uploaded trafficserver-8.0.3wm3 to (stretch) - T220383 T228135

Vgutierrez closed this task as Resolved.Aug 27 2019, 9:38 AM
Vgutierrez removed a project: Patch-For-Review.