ATS fails to log the used SSLCurve when the SSL session is being reused
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Vgutierrez
	Sep 27 2019, 6:22 AM

Description

X-CP-TLS-Session-Reused: 0

-   ReqUnset       X-CP-HTTP2: 1
-   ReqUnset       X-CP-TLS-Version: TLSv1.2
-   ReqUnset       X-CP-TLS-Session-Reused: 0
-   ReqUnset       X-CP-Key-Exchange: X25519
-   ReqUnset       X-CP-Auth: ECDSA
-   ReqUnset       X-CP-Cipher: CHACHA20-POLY1305-SHA256
-   ReqUnset       X-CP-Full-Cipher: ECDHE-ECDSA-CHACHA20-POLY1305

X-CP-TLS-Session-Reused: 1

-   ReqUnset       X-CP-HTTP2: 1
-   ReqUnset       X-CP-TLS-Version: TLSv1.2
-   ReqUnset       X-CP-TLS-Session-Reused: 1
-   ReqUnset       X-CP-Key-Exchange: nil
-   ReqUnset       X-CP-Auth: ECDSA
-   ReqUnset       X-CP-Cipher: CHACHA20-POLY1305-SHA256
-   ReqUnset       X-CP-Full-Cipher: ECDHE-ECDSA-CHACHA20-POLY1305

Details

	Subject	Repo	Branch	Lines +/-
	Release 8.0.5-wm9	operations/debs/trafficserver	master	+377 -0

Customize query in gerrit

Related Objects
Search...

		Status	Subtype	Assigned	Task
		Resolved		• ema	T231533 Improve ATS prometheus metrics
		Resolved		Vgutierrez	T234011 ATS fails to log the used SSLCurve when the SSL session is being reused

Event Timeline

Vgutierrez created this task.Sep 27 2019, 6:22 AM

Vgutierrez triaged this task as Medium priority.Sep 27 2019, 8:39 AM

Proposed a fix to upstream on https://github.com/apache/trafficserver/pull/5992

• ema moved this task from Backlog to TLS on the Traffic board.Oct 14 2019, 6:09 PM

Change 543025 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/debs/trafficserver@master] Release 8.0.5-wm9

https://gerrit.wikimedia.org/r/543025

gerritbot added a project: Patch-For-Review.Oct 15 2019, 5:58 AM

Change 543025 merged by Vgutierrez:
[operations/debs/trafficserver@master] Release 8.0.5-wm9

https://gerrit.wikimedia.org/r/543025

Mentioned in SAL (#wikimedia-operations) [2019-10-17T05:00:25Z] <vgutierrez> uploaded trafficserver 8.0.5-1wm9 to apt.wikimedia.org (stretch) - T234011

Mentioned in SAL (#wikimedia-operations) [2019-10-17T05:01:12Z] <vgutierrez> upgrading ATS to 8.0.5-1wm9 on cp5001 - T234011

After upgrading to 8.0.5-1wm9 cp5001 reports properly the EC used on reused sessions:

-   ReqHeader      X-CP-TLS-Version: TLSv1.2
-   ReqHeader      X-CP-TLS-Session-Reused: 1
-   ReqHeader      X-CP-Key-Exchange: prime256v1
-   ReqHeader      X-CP-Full-Cipher: ECDHE-ECDSA-AES256-GCM-SHA384
-   ReqHeader      X-CP-Auth: ECDHE-ECDSA-AES256-GCM-SHA384
-   ReqHeader      X-CP-Cipher: AES256-GCM-SHA384

Mentioned in SAL (#wikimedia-operations) [2019-10-17T08:04:56Z] <vgutierrez> upgrading ATS on eqsin nodes to 8.0.5-1wm9 - T234011

Mentioned in SAL (#wikimedia-operations) [2019-10-17T11:09:43Z] <vgutierrez> upgrading ATS on ulsfo nodes to 8.0.5-1wm9 - T234011

Mentioned in SAL (#wikimedia-operations) [2019-10-17T11:16:45Z] <vgutierrez> upgrading ATS on esams nodes to 8.0.5-1wm9 - T234011

Mentioned in SAL (#wikimedia-operations) [2019-10-17T11:27:19Z] <vgutierrez> upgrading ATS on codfw nodes to 8.0.5-1wm9 - T234011

Mentioned in SAL (#wikimedia-operations) [2019-10-17T11:36:07Z] <vgutierrez> upgrading ATS on eqiad nodes to 8.0.5-1wm9 - T234011

Vgutierrez closed this task as Resolved.Oct 17 2019, 11:41 AM

Vgutierrez claimed this task.

Vgutierrez removed a project: Patch-For-Review.

ATS fails to log the used SSLCurve when the SSL session is being reusedClosed, ResolvedPublicActions

Description

Details

Related ObjectsSearch...

Event Timeline

ATS fails to log the used SSLCurve when the SSL session is being reused
Closed, ResolvedPublic
Actions

Related Objects
Search...