Skip to content

Count TLS/non-TLS connections separately, by TLS version#4341

Merged
sougou merged 6 commits intovitessio:masterfrom
planetscale:ds-tsl-conn-counts
Nov 10, 2018
Merged

Count TLS/non-TLS connections separately, by TLS version#4341
sougou merged 6 commits intovitessio:masterfrom
planetscale:ds-tsl-conn-counts

Conversation

@deepthi
Copy link
Copy Markdown
Collaborator

@deepthi deepthi commented Nov 6, 2018

Signed-off-by: deepthi deepthi@planetscale.com

@deepthi
Count TLS/non-TLS connections separately, by TLS version
e134ff7 
Signed-off-by: deepthi <deepthi@planetscale.com>
@deepthi
attempt to fix flaky test
48d5a55 
Signed-off-by: deepthi <deepthi@planetscale.com>
@dveeden
Copy link
Copy Markdown
Contributor

dveeden commented Nov 6, 2018

Please also count TLSv1.3 connections. I don't think I have ever seen a MySQL client that supported SSLv3 (Initially MySQL only supported TLSv1.0). And vtgate should never allow SSLv3, but I'm not sure if that's currently the case. So counts for SSLv3 are pretty much useless.

@deepthi
remove flaky check in test
be170cb 
Signed-off-by: deepthi <deepthi@planetscale.com>
@deepthi
Copy link
Copy Markdown
Collaborator Author

deepthi commented Nov 7, 2018
edited
Loading

TLS1.3 in go is still WIP.
golang/go#9671
The protocol versions covered here are the ones supported in go-1.10 (crypto/tls/common.go)
const (
VersionSSL30 = 0x0300
VersionTLS10 = 0x0301
VersionTLS11 = 0x0302
VersionTLS12 = 0x0303
)

I'll add a comment to the code to say that we should update our handling when we move to a newer version of go.

@deepthi
TODO add support for new versions of TLS when they become available
15354c2 
Signed-off-by: deepthi <deepthi@planetscale.com>
sougou
sougou reviewed Nov 9, 2018
View reviewed changes
go/mysql/server.go Outdated
queryTimingKey = "Query"
connectTimingKey = "Connect"
queryTimingKey = "Query"
versionSSL30 = "SSL 3.0"
Copy link
Copy Markdown
Contributor

@sougou sougou Nov 9, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since these are tags, it's risky to use spaces (or dots). Some value parsers may treat them as separators. Underscores are safe. Even - could cause trouble. Personally, I'd just go with SSL30, TLS10, etc.

@deepthi
fix tags to have no spaces or dots
9ff6b6b 
Signed-off-by: deepthi <deepthi@planetscale.com>
@deepthi
fix tags to have no spaces or dots - missed one
66b9db2 
Signed-off-by: deepthi <deepthi@planetscale.com>
@sougou sougou merged commit 782fec9 into vitessio:master Nov 10, 2018
@rafael rafael mentioned this pull request Dec 3, 2018
Merged
@deepthi deepthi deleted the ds-tsl-conn-counts branch December 5, 2018 01:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@sougou sougou sougou approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@deepthi @dveeden @sougou