Measure inappropriate_fallback alerts from Google.

Some fraction of successful connections use the fallback, but only due to a spurious network failure. To estimate this fraction, compare handshakes to Google servers which succeed against those that fail with an inappropriate_fallback alert. Google servers are known to implement FALLBACK_SCSV, so a spurious network failure while connecting would trigger the fallback, successfully connect, but fail with this alert. BUG=459690 Review URL: https://codereview.chromium.org/1147453003 Cr-Commit-Position: refs/heads/master@{#330425} (cherry picked from commit 701ca98) [email protected],[email protected] Review URL: https://codereview.chromium.org/1148373002 Cr-Commit-Position: refs/branch-heads/2403@{#37} Cr-Branched-From: f54b809-refs/heads/master@{#330231}
crosswalk-project · May 20, 2015 · 2dd3fbd · 2dd3fbd
1 parent dc4883b
commit 2dd3fbd
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 9 deletions.
diff --git a/net/http/http_network_transaction.cc b/net/http/http_network_transaction.cc
@@ -776,9 +776,10 @@ int HttpNetworkTransaction::DoCreateStreamComplete(int result) {
   if (result != ERR_HTTPS_PROXY_TUNNEL_RESPONSE)
     CopyConnectionAttemptsFromStreamRequest();
 
+  if (request_->url.SchemeIsCryptographic())
+    RecordSSLFallbackMetrics(result);
+
   if (result == OK) {
-    if (request_->url.SchemeIsCryptographic())
-      RecordSSLFallbackMetrics();
     next_state_ = STATE_INIT_STREAM;
     DCHECK(stream_.get());
   } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
@@ -1438,7 +1439,27 @@ void HttpNetworkTransaction::ResetStateForAuthRestart() {
   establishing_tunnel_ = false;
 }
 
-void HttpNetworkTransaction::RecordSSLFallbackMetrics() {
+void HttpNetworkTransaction::RecordSSLFallbackMetrics(int result) {
+  if (result != OK && result != ERR_SSL_INAPPROPRIATE_FALLBACK)
+    return;
+
+  const std::string& host = request_->url.host();
+  bool is_google = EndsWith(host, "google.com", true) &&
+                   (host.size() == 10 || host[host.size() - 11] == '.');
+  if (is_google) {
+    // Some fraction of successful connections use the fallback, but only due to
+    // a spurious network failure. To estimate this fraction, compare handshakes
+    // to Google servers which succeed against those that fail with an
+    // inappropriate_fallback alert. Google servers are known to implement
+    // FALLBACK_SCSV, so a spurious network failure while connecting would
+    // trigger the fallback, successfully connect, but fail with this alert.
+    UMA_HISTOGRAM_BOOLEAN("Net.GoogleConnectionInappropriateFallback",
+                          result == ERR_SSL_INAPPROPRIATE_FALLBACK);
+  }
+
+  if (result != OK)
+    return;
+
   // Note: these values are used in histograms, so new values must be appended.
   enum FallbackVersion {
     FALLBACK_NONE = 0,  // SSL version fallback did not occur.
@@ -1467,9 +1488,7 @@ void HttpNetworkTransaction::RecordSSLFallbackMetrics() {
   // Google servers are known to implement TLS 1.2 and FALLBACK_SCSV, so it
   // should be impossible to successfully connect to them with the fallback.
   // This helps estimate intolerant locally-configured SSL MITMs.
-  const std::string& host = request_->url.host();
-  if (EndsWith(host, "google.com", true) &&
-      (host.size() == 10 || host[host.size() - 11] == '.')) {
+  if (is_google) {
     UMA_HISTOGRAM_ENUMERATION("Net.GoogleConnectionUsedSSLVersionFallback2",
                               fallback, FALLBACK_MAX);
   }

diff --git a/net/http/http_network_transaction.h b/net/http/http_network_transaction.h
@@ -239,7 +239,7 @@ class NET_EXPORT_PRIVATE HttpNetworkTransaction
   void ResetStateForAuthRestart();
 
   // Records metrics relating to SSL fallbacks.
-  void RecordSSLFallbackMetrics();
+  void RecordSSLFallbackMetrics(int result);
 
   // Returns true if we should try to add a Proxy-Authorization header
   bool ShouldApplyProxyAuth() const;

diff --git a/tools/metrics/histograms/histograms.xml b/tools/metrics/histograms/histograms.xml
@@ -19457,6 +19457,17 @@ Therefore, the affected-histogram name has to have at least one dot in it.
   </summary>
 </histogram>
 
+<histogram name="Net.GoogleConnectionInappropriateFallback"
+    enum="BooleanInappropriateFallback">
+  <owner>[email protected]</owner>
+  <summary>
+    Records a sample for each HTTPS request to a Google server that either
+    succeeded or received an inappropriate_fallback alert. This is used to
+    estimate how frequently the fallback is used to recover from a spurious
+    network failure.
+  </summary>
+</histogram>
+
 <histogram name="Net.GoogleConnectionUsedSSLVersionFallback"
     enum="FallbackSSLVersion">
   <obsolete>
@@ -19477,8 +19488,8 @@ Therefore, the affected-histogram name has to have at least one dot in it.
   <summary>
     For each successful HTTPS request to a Google server, whether it used the
     SSL version fallback. The value indicates the SSL version the request fell
-    back on. Since Google servers support TLS 1.2, any fallback is an indication
-    of network middleware problems.
+    back on. Since Google servers support TLS 1.2 and FALLBACK_SCSV, any
+    fallback is an indication of a broken local SSL MITM proxy.
   </summary>
 </histogram>
 
@@ -48265,6 +48276,11 @@ Therefore, the affected-histogram name has to have at least one dot in it.
   <int value="1" label="Ignored"/>
 </enum>
 
+<enum name="BooleanInappropriateFallback" type="int">
+  <int value="0" label="Handshake successful"/>
+  <int value="1" label="inappropriate_fallback alert"/>
+</enum>
+
 <enum name="BooleanIsMobileOptimized" type="int">
   <int value="0" label="Not mobile optimized web page"/>
   <int value="1" label="Mobile optimized web page"/>