GitHub user shinrich opened an issue: https://github.com/apache/trafficserver/issues/1459
Mysterious uptick in user_agent SSL errors moving to 7.1 Comparing a machine running 7.1.x against its peer running our version of 5.3.x. A number of the proxy.process.ssl.user_agent_* metrics started increasing in the 7.1 build. Namely proxy.process.ssl.user_agent_unknown_cert and proxy.process.ssl.user_agent_bad_cert. I did packet captures for a few seconds on both machines to verify that this wasn't just a change in logging behavior. On the 7.1.x box with 5000 TLS handshakes captured we saw 81 Certificate Unknown alerts and 5 Bad Cert alerts. On the 5.3.x box with 23000 handshakes captured, 1 Bad Cert alert (from an internal IP) and 4 Certificate Unknown alerts (3 from the same IP address). After running for a few minutes, the rate of alerts in the 7.1 build does not go down. It isn't huge, but the difference is alarming me enough that I am not expanding my testing until I have a good story for this. Will go back and run 7.1.x with ASAN. Perhaps the cert buffers are getting corrupted in some cases? ---- ---- --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---