GitHub user shinrich opened an issue:

    https://github.com/apache/trafficserver/issues/1459

    Mysterious uptick in user_agent SSL errors moving to 7.1

    Comparing a machine running 7.1.x against its peer running our version of
    5.3.x. A number of the proxy.process.ssl.user_agent_* metrics started
    increasing in the 7.1 build. Namely proxy.process.ssl.user_agent_unknown_cert
    and proxy.process.ssl.user_agent_bad_cert.

    I did packet captures for a few seconds on both machines to verify that
    this wasn't just a change in logging behavior. On the 7.1.x box with 5000 TLS
    handshakes captured we saw 81 Certificate Unknown alerts and 5 Bad Cert alerts.
    On the 5.3.x box with 23000 handshakes captured, 1 Bad Cert alert (from an
    internal IP) and 4 Certificate Unknown alerts (3 from the same IP address).

    After running for a few minutes, the rate of alerts in the 7.1 build does
    not go down. It isn't huge, but the difference is alarming me enough that I am
    not expanding my testing until I have a good story for this.

    Will go back and run 7.1.x with ASAN. Perhaps the cert buffers are getting
    corrupted in some cases?

