Closed Bug 1499737 Opened 1 year ago Closed 1 year ago

Expose information whether resumption token provided via SSL_SetResumptionToken was used

Categories

(NSS :: Libraries, enhancement, P2)

3.39
enhancement

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: michal, Unassigned)

References

(Blocks 1 open bug)

Details

Attachments

(1 obsolete file)

This information will be mostly used for telemetry to decide whether external token cache have any real positive effect. It can be also used to find optimal expiration time of the tokens, so we can keep the database as small as possible.
Blocks: 1399439
Priority: -- → P2
Target Milestone: --- → 3.41
So I'm not sure if this is really the right approach here.
Necko wants to be able to get data on whether a token was used or not on startup. Simple statistics on cache hits isn't enough because they have to know whether that first token was used. This is a pretty dumb implementation allowing that by registering a callback that tells an application when a token was used successfully and a function that compares two tokens.

I'm open to other ideas...
Is it possible that the necko code can just check for the intersection of an external token being set and session resumption (using SSL_GetChannelInfo and SSLChannelInfo.resumed)?
(In reply to Martin Thomson [:mt:] from comment #2)
> Is it possible that the necko code can just check for the intersection of an
> external token being set and session resumption (using SSL_GetChannelInfo
> and SSLChannelInfo.resumed)?

That's what I thought at first as well. But after talking to Michal this didn't seem enough. Michal can you explain again?
Flags: needinfo?(michal.novotny)
(In reply to Franziskus Kiefer [:franziskus] from comment #3)
> (In reply to Martin Thomson [:mt:] from comment #2)
> > Is it possible that the necko code can just check for the intersection of an
> > external token being set and session resumption (using SSL_GetChannelInfo
> > and SSLChannelInfo.resumed)?
> 
> That's what I thought at first as well. But after talking to Michal this
> didn't seem enough. Michal can you explain again?

IIRC, you were referring to SSL_GetStatistics which gives global stats and it's not possible to find out whether the token was used for a particular connection. If I can use SSLChannelInfo.resumed in nsSocketTransport::OnSocketConnected, then it's exactly what I was looking for.
Flags: needinfo?(michal.novotny)
Ok I close this one then. Michal, please re-open if you find that the info you get from the SSLChannelInfo or statistics is not enough.
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → WONTFIX
Attachment #9020750 - Attachment is obsolete: true
You need to log in before you can comment on or make changes to this bug.