SSL/TLS¶
- proxy.process.ssl.origin_server_bad_cert¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Indicates the number of certificates presented by origin servers which contained invalid information, since statistics collection began.
- proxy.process.ssl.origin_server_cert_verify_failed¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
The number of origin server SSL certificates presented which failed verification, since statistics collection began.
- proxy.process.ssl.origin_server_decryption_failed¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
The number of SSL connections to origin servers which returned data that could not be properly decrypted, since statistics collection began.
- proxy.process.ssl.origin_server_expired_cert¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
The number of SSL connections to origin servers for which expired origin certificates were presented, since statistics collection began.
- proxy.process.ssl.origin_server_other_errors¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
The number of SSL connections to origin servers which encountered otherwise uncategorized errors, since statistics collection began.
- proxy.process.ssl.origin_server_revoked_cert¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
The number of SSL connections to origin servers during which a revoked certificate was presented by the origin, since statistics collection began.
- proxy.process.ssl.origin_server_unknown_ca¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
The number of SSL connections to origin servers during which the origin presented a certificate signed by an unrecognized Certificate Authority, since statistics collection began.
- proxy.process.ssl.origin_server_unknown_cert¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
- proxy.process.ssl.origin_server_wrong_version¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
The number of SSL connections to origin servers which were terminated due to unsupported SSL/TLS protocol versions, since statistics collection began.
- proxy.process.ssl.ssl_error_ssl¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
- proxy.process.ssl.ssl_error_syscall¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
- proxy.process.ssl.ssl_error_async¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Track the number of times OpenSSL async jobs paused.
- proxy.process.ssl.ssl_session_cache_eviction¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
- proxy.process.ssl.ssl_session_cache_hit¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
- proxy.process.ssl.ssl_origin_session_cache_hit¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
- proxy.process.ssl.ssl_session_cache_lock_contention¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
- proxy.process.ssl.ssl_session_cache_miss¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
- proxy.process.ssl.ssl_origin_session_cache_miss¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
- proxy.process.ssl.ssl_session_cache_new_session¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
- proxy.process.ssl.ssl_sni_name_set_failure¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
- proxy.process.ssl.total_handshake_time¶
- Collection:
- global
- Type:
- counter
- Units:
- milliseconds
- Datatype:
- integer
The total amount of time spent performing SSL/TLS handshakes for new sessions since statistics collection began.
- proxy.process.ssl.total_attempts_handshake_count_in¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
The total number of inbound SSL/TLS handshake attempts received since statistics collection began.
- proxy.process.ssl.total_success_handshake_count_in¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
The total number of inbound SSL/TLS handshakes successfully performed since statistics collection began.
- proxy.process.ssl.total_attempts_handshake_count_out¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
The total number of outbound SSL/TLS handshake attempts made since statistics collection began.
- proxy.process.ssl.total_success_handshake_count_out¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
The total number of outbound SSL/TLS handshakes successfully performed since statistics collection began.
- proxy.process.ssl.total_ticket_keys_renewed¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
- proxy.process.ssl.total_tickets_created¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
- proxy.process.ssl.total_tickets_not_found¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
- proxy.process.ssl.total_tickets_renewed¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
- proxy.process.ssl.total_tickets_verified¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
- proxy.process.ssl.total_tickets_verified_old_key¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
- proxy.process.ssl.user_agent_bad_cert¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Incoming client SSL connections which have presented invalid data in lieu of a client certificate, since statistics collection began.
- proxy.process.ssl.user_agent_cert_verify_failed¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Incoming client SSL connections which presented a client certificate that did not pass verification, since statistics collection began.
- proxy.process.ssl.user_agent_decryption_failed¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Incoming client SSL connections which failed to be properly decrypted, since statistics collection began.
- proxy.process.ssl.user_agent_expired_cert¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Incoming client SSL connections which presented a client certificate that had already expired, since statistics collection began.
- proxy.process.ssl.user_agent_other_errors¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Incoming client SSL connections which experienced otherwise uncategorized errors, since statistics collection began.
- proxy.process.ssl.user_agent_revoked_cert¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Incoming client SSL connections which presented a client certificate that had been revoked, since statistics collection began.
- proxy.process.ssl.user_agent_decryption_failed_or_bad_record_mac¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Incoming client SSL connections which failed decryption or had a mismatched MAC, since statistics collection began.
- proxy.process.ssl.user_agent_http_request¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Incoming client SSL connections which attempted to use plaintext HTTP without SSL encryption, since statistics collection began.
- proxy.process.ssl.user_agent_inappropriate_fallback¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Incoming client SSL connections which used a fallback to an older TLS version that Traffic Server doesn’t support, since statistics collection began.
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Incoming client SSL connections which failed due to no match in supported ciphers between the client and Traffic Server, since statistics collection began.
- proxy.process.ssl.user_agent_version_too_high¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Incoming client SSL connections which failed due to the client only supporting TLS versions that are too high for Traffic Server to support, since statistics collection began.
This stat is only incremented when Traffic Server is built against an SSL library, such
as OpenSSL, that supports the SSL_R_VERSION_TOO_HIGH error.
- proxy.process.ssl.user_agent_version_too_low¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Incoming client SSL connections which failed due to the client only supporting TLS versions that are too low for Traffic Server to accept, since statistics collection began.
This stat is only incremented when Traffic Server is built against an SSL library, such
as OpenSSL, that supports the SSL_R_VERSION_TOO_LOW error.
- proxy.process.ssl.user_agent_session_hit¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Incoming client SSL connections which successfully used a previously negotiated session, since statistics collection began.
- proxy.process.ssl.user_agent_session_miss¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Incoming client SSL connections which unsuccessfully attempted to use a previously negotiated session, since statistics collection began.
- proxy.process.ssl.user_agent_sessions¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
A counter indicating the number of SSL sessions negotiated for incoming client connections, since statistics collection began.
- proxy.process.ssl.user_agent_session_timeout¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Incoming client SSL connections which terminated with an expired session, since statistics collection began.
- proxy.process.ssl.user_agent_unknown_ca¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Incoming client SSL connections which presented a client certificate signed by an unrecognized Certificate Authority, since statistics collection began.
- proxy.process.ssl.user_agent_unknown_cert¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
- proxy.process.ssl.user_agent_wrong_version¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Incoming client SSL connections terminated due to an unsupported or disabled version of SSL/TLS, since statistics collection began.
- proxy.process.tunnel.current_active_connections¶
- Collection:
- global
- Type:
- gauge
- Datatype:
- integer
A gauge of current active SNI Routing Tunnels.
- proxy.process.tunnel.total_client_connections_tls_tunnel¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Total number of TCP connections for TLS tunnels where the far end is the client
created based on a tunnel_route key in a table in the sni.yaml file.
- proxy.process.tunnel.current_client_connections_tls_tunnel¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Current number of TCP connections for TLS tunnels where the far end is the client
created based on a tunnel_route key in a table in the sni.yaml file.
- proxy.process.tunnel.total_client_connections_tls_forward¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Total number of TCP connections for TLS tunnels where the far end is the client
created based on a forward_route key in a table in the sni.yaml file.
- proxy.process.tunnel.current_client_connections_tls_forward¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Current number of TCP connections for TLS tunnels where the far end is the client
created based on a forward_route key in a table in the sni.yaml file.
- proxy.process.tunnel.total_client_connections_tls_partial_blind¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Total number of TCP connections for TLS tunnels where the far end is the client
created based on a partial_blind_route key in a table in the sni.yaml file.
- proxy.process.tunnel.current_client_connections_tls_partial_blind¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Current number of TCP connections for TLS tunnels where the far end is the client
created based on a partial_blind_route key in a table in the sni.yaml file.
- proxy.process.tunnel.total_client_connections_tls_http¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Total number of TLS connections for tunnels where the far end is the client initiated with an HTTP request.
- proxy.process.tunnel.current_client_connections_tls_http¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Current number of TLS connections for tunnels where the far end is the client initiated with an HTTP request.
- proxy.process.tunnel.total_server_connections_tls¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Total number of TCP connections for TLS tunnels where the far end is the server
created based on a partial_blind_route key in a table in the sni.yaml file.
- proxy.process.tunnel.current_server_connections_tls¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Current number of TCP connections for TLS tunnels where the far end is the server
created based on a partial_blind_route key in a table in the sni.yaml file.
Pre-warming TLS Tunnel¶
Stats for Pre-warming TLS Tunnel is registered dynamically. The POOL in below represents combination of <Hostname of destination>.<Type of Tunnel>.<ALPN Name (if there)>.
- proxy.process.tunnel.prewarm.POOL.current_init¶
- Collection:
- global
- Type:
- gauge
- Datatype:
- integer
Represents the current number of initializing connections in the pool.
- proxy.process.tunnel.prewarm.POOL.current_open¶
- Collection:
- global
- Type:
- gauge
- Datatype:
- integer
Represents the current number of established connections in the pool.
- proxy.process.tunnel.prewarm.POOL.total_hit¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Represents the total number of pre-warmed connection is used.
- proxy.process.tunnel.prewarm.POOL.total_miss¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Represents the total number of pre-warmed connection is not used.
- proxy.process.tunnel.prewarm.POOL.total_handshake_time¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Represents the total number of handshake duration of pre-warming.
- proxy.process.tunnel.prewarm.POOL.total_handshake_count¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Represents the total number of handshake time of pre-warming.
- proxy.process.tunnel.prewarm.POOL.total_retry¶
- Collection:
- global
- Type:
- counter
- Datatype:
- integer
Represents the total number of pre-warming retry.