Source code

Revision control

Copy as Markdown

Other Tools

# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
# Adding a new metric? We have docs for that!
---
$tags:
- 'Core :: Security: PSM'
cert_storage:
memory:
type: memory_distribution
memory_unit: byte
description: >
Heap memory used by cert_storage.
bugs:
data_reviews:
data_sensitivity:
- technical
notification_emails:
- jschanck@mozilla.com
expires: 142
data_storage:
alternate_services:
type: quantity
description:
The number of entries stored in the AlternateServices nsIDataStorage
bugs:
data_reviews:
data_sensitivity:
- interaction
notification_emails:
- dkeeler@mozilla.com
expires: never
unit: entries
client_auth_remember_list:
type: quantity
description:
The number of entries stored in the ClientAuthRememberList nsIDataStorage
bugs:
data_reviews:
data_sensitivity:
- interaction
notification_emails:
- dkeeler@mozilla.com
expires: never
unit: entries
site_security_service_state:
type: quantity
description:
The number of entries stored in the SiteSecurityServiceState nsIDataStorage
bugs:
data_reviews:
data_sensitivity:
- interaction
notification_emails:
- dkeeler@mozilla.com
expires: never
unit: entries
tls:
certificate_verifications:
type: counter
description: >
The total number of successful TLS server certificate verifications.
bugs:
data_reviews:
notification_emails:
- dkeeler@mozilla.com
expires: never
xyber_intolerance_reason:
type: labeled_counter
description: >
The error that was returned from a failed TLS 1.3 handshake in which the client sent a mlkem768x25519 key share (see tlsIntoleranceTelemetryBucket() in nsNSSIOLayer.cpp).
data_sensitivity:
- technical
bugs:
data_reviews:
notification_emails:
- jschanck@mozilla.com
expires: 136
labels:
- PR_CONNECT_RESET_ERROR
- PR_END_OF_FILE_ERROR
- SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE
- SSL_ERROR_BAD_MAC_ALERT
- SSL_ERROR_BAD_MAC_READ
- SSL_ERROR_DECODE_ERROR_ALERT
- SSL_ERROR_HANDSHAKE_FAILED
- SSL_ERROR_HANDSHAKE_FAILURE_ALERT
- SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT
- SSL_ERROR_ILLEGAL_PARAMETER_ALERT
- SSL_ERROR_INTERNAL_ERROR_ALERT
- SSL_ERROR_KEY_EXCHANGE_FAILURE
- SSL_ERROR_NO_CYPHER_OVERLAP
- SSL_ERROR_PROTOCOL_VERSION_ALERT
- SSL_ERROR_RX_UNEXPECTED_RECORD_TYPE
- SSL_ERROR_RX_MALFORMED_HYBRID_KEY_SHARE
- SSL_ERROR_UNSUPPORTED_VERSION
cert_compression:
used:
type: labeled_counter
description:
The number of times each certificate compression algorithm was used.
data_sensitivity:
- interaction
bugs:
data_reviews:
notification_emails:
- anna.weine@mozilla.com
expires: 136
labels:
- zlib
- brotli
- zstd
failures:
type: labeled_counter
description:
The number of times each certificate compression algorithm returned an error.
data_sensitivity:
- interaction
bugs:
data_reviews:
notification_emails:
- anna.weine@mozilla.com
expires: 136
labels:
- zlib
- brotli
- zstd
zlib_saved_bytes:
type: custom_distribution
description:
The difference between the length of encoded certificate vs the actual certificate.
data_sensitivity:
- interaction
bugs:
data_reviews:
notification_emails:
- anna.weine@mozilla.com
histogram_type: exponential
range_max: 65536
bucket_count: 100
expires: 136
brotli_saved_bytes:
type: custom_distribution
description:
The difference between the length of encoded certificate vs the actual certificate.
data_sensitivity:
- interaction
bugs:
data_reviews:
notification_emails:
- anna.weine@mozilla.com
histogram_type: exponential
range_max: 65536
bucket_count: 100
expires: 136
zstd_saved_bytes:
type: custom_distribution
description:
The difference between the length of encoded certificate vs the actual certificate.
data_sensitivity:
- interaction
bugs:
data_reviews:
notification_emails:
- anna.weine@mozilla.com
histogram_type: exponential
range_max: 65536
bucket_count: 100
expires: 136
verification_used_cert_from:
tls_handshake:
type: rate
description: >
How many successfully-built certificate chains used a certificate from the TLS handshake.
bugs:
data_reviews:
notification_emails:
- dkeeler@mozilla.com
expires: never
denominator_metric: tls.certificate_verifications
preloaded_intermediates:
type: rate
description: >
How many successfully-built certificate chains used a certificate from preloaded intermediates.
bugs:
data_reviews:
notification_emails:
- dkeeler@mozilla.com
expires: never
denominator_metric: tls.certificate_verifications
third_party_certificates:
type: rate
description: >
How many successfully-built certificate chains used a third-party certificate from the OS.
bugs:
data_reviews:
notification_emails:
- dkeeler@mozilla.com
expires: never
denominator_metric: tls.certificate_verifications
nss_cert_db:
type: rate
description: >
How many successfully-built certificate chains used a certificate from the NSS cert DB.
bugs:
data_reviews:
notification_emails:
- dkeeler@mozilla.com
expires: never
denominator_metric: tls.certificate_verifications
built_in_roots_module:
type: rate
description: >
How many successfully-built certificate chains used a certificate from the built-in roots module.
bugs:
data_reviews:
notification_emails:
- dkeeler@mozilla.com
expires: never
denominator_metric: tls.certificate_verifications
pkcs11:
third_party_modules_loaded:
type: quantity
description:
The number of third-party PKCS#11 modules loaded.
bugs:
data_reviews:
data_sensitivity:
- interaction
notification_emails:
- dkeeler@mozilla.com
expires: never
unit: modules
cert_verification_time:
success:
type: timing_distribution
time_unit: microsecond
description: >
The time it takes to successfully verify a certificate in a TLS handshake.
bugs:
data_reviews:
data_sensitivity:
- technical
notification_emails:
- seceng-telemetry@mozilla.com
- dkeeler@mozilla.com
expires: never
failure:
type: timing_distribution
time_unit: microsecond
description: >
The time it takes to fail to verify a certificate in a TLS handshake.
bugs:
data_reviews:
data_sensitivity:
- technical
notification_emails:
- seceng-telemetry@mozilla.com
- dkeeler@mozilla.com
expires: never
ocsp_request_time:
success:
type: timing_distribution
time_unit: millisecond
description: >
The time it takes to make an OCSP request that succeeded.
bugs:
data_reviews:
data_sensitivity:
- technical
notification_emails:
- seceng-telemetry@mozilla.com
- dkeeler@mozilla.com
expires: never
failure:
type: timing_distribution
time_unit: millisecond
description: >
The time it takes to make an OCSP request that failed.
bugs:
data_reviews:
data_sensitivity:
- technical
notification_emails:
- seceng-telemetry@mozilla.com
- dkeeler@mozilla.com
expires: never
cancel:
type: timing_distribution
time_unit: millisecond
description: >
The time it takes to make an OCSP request that was cancelled.
bugs:
data_reviews:
data_sensitivity:
- technical
notification_emails:
- seceng-telemetry@mozilla.com
- dkeeler@mozilla.com
expires: never
networking:
nss_initialization:
type: quantity
description: >
The time in milliseconds to initialize the NSS component in the
parent process.
This metric was generated to correspond to the Legacy Telemetry
scalar networking.nss_initialization.
bugs:
data_reviews:
notification_emails:
- mconley@mozilla.com
- dkeeler@mozilla.com
expires: never
unit: millisecond
telemetry_mirror: NETWORKING_NSS_INITIALIZATION
loading_certs_task:
type: quantity
description: >
The time in milliseconds to load any external certificates. This
occurs off of the main-thread, but can block main-thread operations.
This metric was generated to correspond to the Legacy Telemetry
scalar networking.loading_certs_task.
bugs:
data_reviews:
notification_emails:
- mconley@mozilla.com
- dkeeler@mozilla.com
expires: never
unit: millisecond
telemetry_mirror: NETWORKING_LOADING_CERTS_TASK
security:
client_auth_cert_usage:
type: labeled_counter
description: >
Measures how many servers have requested a client authentication
certificate (key: "requested") and how many times the user has opted
to send one in response (key: "sent").
This metric was generated to correspond to the Legacy Telemetry
scalar security.client_auth_cert_usage.
bugs:
data_reviews:
notification_emails:
- dkeeler@mozilla.com
expires: never
telemetry_mirror: SECURITY_CLIENT_AUTH_CERT_USAGE