Page MenuHomePhabricator

ATS fails to log the used SSLCurve when the SSL session is being reused
Closed, ResolvedPublic

Description

X-CP-TLS-Session-Reused: 0
-   ReqUnset       X-CP-HTTP2: 1
-   ReqUnset       X-CP-TLS-Version: TLSv1.2
-   ReqUnset       X-CP-TLS-Session-Reused: 0
-   ReqUnset       X-CP-Key-Exchange: X25519
-   ReqUnset       X-CP-Auth: ECDSA
-   ReqUnset       X-CP-Cipher: CHACHA20-POLY1305-SHA256
-   ReqUnset       X-CP-Full-Cipher: ECDHE-ECDSA-CHACHA20-POLY1305
X-CP-TLS-Session-Reused: 1
-   ReqUnset       X-CP-HTTP2: 1
-   ReqUnset       X-CP-TLS-Version: TLSv1.2
-   ReqUnset       X-CP-TLS-Session-Reused: 1
-   ReqUnset       X-CP-Key-Exchange: nil
-   ReqUnset       X-CP-Auth: ECDSA
-   ReqUnset       X-CP-Cipher: CHACHA20-POLY1305-SHA256
-   ReqUnset       X-CP-Full-Cipher: ECDHE-ECDSA-CHACHA20-POLY1305

Details

Related Gerrit Patches:
operations/debs/trafficserver : masterRelease 8.0.5-wm9

Event Timeline

Vgutierrez triaged this task as Normal priority.Sep 27 2019, 8:39 AM
ema moved this task from Triage to TLS on the Traffic board.Oct 14 2019, 6:09 PM

Change 543025 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/debs/trafficserver@master] Release 8.0.5-wm9

https://gerrit.wikimedia.org/r/543025

Change 543025 merged by Vgutierrez:
[operations/debs/trafficserver@master] Release 8.0.5-wm9

https://gerrit.wikimedia.org/r/543025

Mentioned in SAL (#wikimedia-operations) [2019-10-17T05:00:25Z] <vgutierrez> uploaded trafficserver 8.0.5-1wm9 to apt.wikimedia.org (stretch) - T234011

Mentioned in SAL (#wikimedia-operations) [2019-10-17T05:01:12Z] <vgutierrez> upgrading ATS to 8.0.5-1wm9 on cp5001 - T234011

After upgrading to 8.0.5-1wm9 cp5001 reports properly the EC used on reused sessions:

-   ReqHeader      X-CP-TLS-Version: TLSv1.2
-   ReqHeader      X-CP-TLS-Session-Reused: 1
-   ReqHeader      X-CP-Key-Exchange: prime256v1
-   ReqHeader      X-CP-Full-Cipher: ECDHE-ECDSA-AES256-GCM-SHA384
-   ReqHeader      X-CP-Auth: ECDHE-ECDSA-AES256-GCM-SHA384
-   ReqHeader      X-CP-Cipher: AES256-GCM-SHA384

Mentioned in SAL (#wikimedia-operations) [2019-10-17T08:04:56Z] <vgutierrez> upgrading ATS on eqsin nodes to 8.0.5-1wm9 - T234011

Mentioned in SAL (#wikimedia-operations) [2019-10-17T11:09:43Z] <vgutierrez> upgrading ATS on ulsfo nodes to 8.0.5-1wm9 - T234011

Mentioned in SAL (#wikimedia-operations) [2019-10-17T11:16:45Z] <vgutierrez> upgrading ATS on esams nodes to 8.0.5-1wm9 - T234011

Mentioned in SAL (#wikimedia-operations) [2019-10-17T11:27:19Z] <vgutierrez> upgrading ATS on codfw nodes to 8.0.5-1wm9 - T234011

Mentioned in SAL (#wikimedia-operations) [2019-10-17T11:36:07Z] <vgutierrez> upgrading ATS on eqiad nodes to 8.0.5-1wm9 - T234011

Vgutierrez closed this task as Resolved.Oct 17 2019, 11:41 AM
Vgutierrez claimed this task.
Vgutierrez removed a project: Patch-For-Review.