diff --git a/media/mtransport/transportlayerdtls.cpp b/media/mtransport/transportlayerdtls.cpp index a9c84b0614c5..6c29e5f82f51 100644 --- a/media/mtransport/transportlayerdtls.cpp +++ b/media/mtransport/transportlayerdtls.cpp @@ -885,6 +885,8 @@ void TransportLayerDtls::Handshake() { } TL_SET_STATE(TS_OPEN); + + RecordCipherTelemetry(); } else { int32_t err = PR_GetError(); switch(err) { @@ -1332,4 +1334,65 @@ TransportLayerDtls::RecordHandshakeCompletionTelemetry( } } +void +TransportLayerDtls::RecordCipherTelemetry() { + uint16_t cipher; + + nsresult rv = GetCipherSuite(&cipher); + + if (NS_FAILED(rv)) { + MOZ_MTLOG(ML_ERROR, "Failed to get cipher suite"); + return; + } + + uint16_t t_cipher = 0; + + switch (cipher) { + /* Old DHE ciphers: candidates for removal, see bug 1227519 */ + case TLS_DHE_RSA_WITH_AES_128_CBC_SHA: + t_cipher = 1; + break; + case TLS_DHE_RSA_WITH_AES_256_CBC_SHA: + t_cipher = 2; + break; + /* Current ciphers */ + case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: + t_cipher = 3; + break; + case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: + t_cipher = 4; + break; + case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: + t_cipher = 5; + break; + case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: + t_cipher = 6; + break; + case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: + t_cipher = 7; + break; + case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: + t_cipher = 8; + break; + case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: + t_cipher = 9; + break; + case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: + t_cipher = 10; + break; + /* TLS 1.3 ciphers */ + case TLS_AES_128_GCM_SHA256: + t_cipher = 11; + break; + case TLS_CHACHA20_POLY1305_SHA256: + t_cipher = 12; + break; + case TLS_AES_256_GCM_SHA384: + t_cipher = 13; + break; + } + + Telemetry::Accumulate(Telemetry::WEBRTC_DTLS_CIPHER, t_cipher); +} + } // close namespace diff --git a/media/mtransport/transportlayerdtls.h b/media/mtransport/transportlayerdtls.h index 93e51fb2375f..3b1233918e7b 100644 --- a/media/mtransport/transportlayerdtls.h +++ b/media/mtransport/transportlayerdtls.h @@ -161,6 +161,7 @@ class TransportLayerDtls final : public TransportLayer { UniqueCERTCertificate& cert) const; void RecordHandshakeCompletionTelemetry(TransportLayer::State endState); + void RecordCipherTelemetry(); RefPtr identity_; // What ALPN identifiers are permitted. diff --git a/toolkit/components/telemetry/Histograms.json b/toolkit/components/telemetry/Histograms.json index 49aec8b322dc..0faea38e5553 100644 --- a/toolkit/components/telemetry/Histograms.json +++ b/toolkit/components/telemetry/Histograms.json @@ -8653,6 +8653,15 @@ "n_buckets": 20, "description": "The length of time (in milliseconds) it took for a server DTLS handshake to complete, given that it failed." }, + "WEBRTC_DTLS_CIPHER": { + "record_in_processes": ["content"], + "alert_emails": ["webrtc-dtls-telemetry-alerts@mozilla.com", "nohlmeier@mozilla.com"], + "bug_numbers": [1484024], + "expires_in_version": "66", + "kind": "enumerated", + "n_values": 14, + "description": "The DTLS cipher (as integer) negotiated for a RTCPeerConnection. See TransportLayerDtls::RecordCipherTelemetry for the meaning of the values" + }, "WEBRTC_ICE_FINAL_CONNECTION_STATE": { "record_in_processes": ["main", "content"], "alert_emails": ["webrtc-ice-telemetry-alerts@mozilla.com, nohlmeier@mozilla.com"],