From 3eb5acde8805783189a4cb3d2e4b15e7d84dc7f2 Mon Sep 17 00:00:00 2001 From: Zi Lin Date: Mon, 24 Nov 2014 12:29:22 -0800 Subject: [PATCH 1/6] Add scipts to monitor nginx ssl session ticket keys and session ticket resumptions. --- README.markdown | 28 ++++++- samples/ngx-ssl-session-resumption-stats.sxx | 47 ++++++++++++ samples/ngx-ssl-session-ticket-keys.sxx | 79 ++++++++++++++++++++ tapset/nginx/array.sxx | 12 +++ tapset/nginx/openssl.sxx | 19 +++++ 5 files changed, 184 insertions(+), 1 deletion(-) create mode 100644 samples/ngx-ssl-session-resumption-stats.sxx create mode 100644 samples/ngx-ssl-session-ticket-keys.sxx create mode 100644 tapset/nginx/array.sxx create mode 100644 tapset/nginx/openssl.sxx diff --git a/README.markdown b/README.markdown index 3936db1..cea3857 100644 --- a/README.markdown +++ b/README.markdown @@ -48,6 +48,8 @@ Table of Contents * [ngx-orig-resp-body-len](#ngx-orig-resp-body-len) * [zlib-deflate-chunk-size](#zlib-deflate-chunk-size) * [lj-str-tab](#lj-str-tab) + * [ngx-ssl-session-ticket-keys](#ngx-ssl-session-ticket-keys) + * [ngx-ssl-session-resumption-stats](#ngx-ssl-session-resumption-stats) * [Installation](#installation) * [Author](#author) * [Copyright and License](#copyright-and-license) @@ -1453,7 +1455,31 @@ value |-------------------------------------------------- count lj-str-tab ---------- -Analayzing the structure and various statistics of the global Lua string hash table in the LuaJIT v2.1 VM. +Analyzing the structure and various statistics of the global Lua string hash table in the LuaJIT v2.1 VM. + +[Back to TOC](#table-of-contents) + +ngx-ssl-session-ticket-keys +---------- + +Dumping ssl session ticket keys of a nginx worker. + +```bash +# assuming one nginx worker process has the pid 3781. +$ ./samples/ngx-ssl-session-ticket-keys.sxx -I ./tapset -x 3781 +``` + +[Back to TOC](#table-of-contents) + +ngx-ssl-session-resumption-stats +---------- + +Analyzing the statistics of nginx SSL/TLS session ticket resumption. + +```bash +# assuming one nginx worker process has the pid 3781. +$ ./samples/ngx-ssl-session-resumption-stats.sxx -x 3781 +``` [Back to TOC](#table-of-contents) diff --git a/samples/ngx-ssl-session-resumption-stats.sxx b/samples/ngx-ssl-session-resumption-stats.sxx new file mode 100644 index 0000000..7f7b385 --- /dev/null +++ b/samples/ngx-ssl-session-resumption-stats.sxx @@ -0,0 +1,47 @@ +#!/usr/bin/env stap++ + +# Capture ssl session resumption statistics. + +global total +global tickets +global resumed +global reencrypted + +probe begin { + printf("Start tracing NGX OPENSSL ticket key callback\n"); +} + +probe @pfunc(ngx_ssl_session_ticket_key_callback).return { + total++; + # record client session ticket decryption calls + if ($enc == 0) { + tickets++; + if ($return > 0) resumed++; + if ($return > 1) reencrypted++; + } +} + +probe end { + printf("Stop tracing NGX OPENSSL ticket key callback\n"); + printf("Total sessions: %d\n", total); + printf("Total session tickets: %d\n", tickets); + printf("Total resumed session: %d\n", resumed); + printf("Total re-encrypted session ticket: %d\n", reencrypted); + + if (total > 0) { + ratio1 = (tickets * 100) / total; + + } else { + ratio1 = 0; + } + + if (tickets > 0) { + ratio2 = (resumed * 100) / tickets; + + } else { + ratio2 = 0; + } + printf("Session resumption attempts ratio: %d percent\n", ratio1) + printf("Session resumption success ratio: %d percent\n", ratio2) + exit(); +} diff --git a/samples/ngx-ssl-session-ticket-keys.sxx b/samples/ngx-ssl-session-ticket-keys.sxx new file mode 100644 index 0000000..496fa7e --- /dev/null +++ b/samples/ngx-ssl-session-ticket-keys.sxx @@ -0,0 +1,79 @@ +#!/usr/bin/env stap++ + +# Capture ssl session tickets. + +@use nginx.array +@use nginx.openssl + +probe begin { + printf("Start tracing NGX OPENSSL ticket key callback\n") +} + +// print 16-byte key name +function print_key_name(name) { + printf("key name: "); + $*n := @cast(name, "unsigned char", "$^exec_path") + for (i=0; i<16; i++) { + printf("%02x", $*n[i]) + } + printf("\n") +} + +// print 16-byte aes state +function print_key_aes(state) { + printf("key aes state: "); + $*s := @cast(state, "unsigned char", "$^exec_path") + for (i=0; i<16; i++) { + printf("%02x", $*s[i]) + } + printf("\n") +} + +// print 16-byte hmac state +function print_key_hmac(state) { + printf("key hmac state: "); + $*s := @cast(state, "unsigned char", "$^exec_path") + for (i=0; i<16; i++) { + printf("%02x", $*s[i]) + } + printf("\n") +} + +// print session ticket content +function print_session_ticket_key(key) { + $*k := @cast(key, "ngx_ssl_session_ticket_key_t", "$^exec_path") + print_key_name($*k->name) + // should disable by default the two calls below to maintain key confidentiality. + print_key_aes($*k->aes_key) + print_key_hmac($*k->hmac_key) +} + +probe @pfunc(ngx_ssl_session_ticket_key_callback).return { + keys_index = @var("ngx_ssl_session_ticket_keys_index@src/event/ngx_event_openssl.c") + num = get_ssl_ex_data_len($ssl_conn->ctx) + if (keys_index > num) { + printf("Error: ticket key list is not supported") + + } else { + keys = get_ssl_ex_data_item($ssl_conn->ctx, keys_index) + keys_len = get_ngx_array_len(keys) + if (keys_len <= 0) { + printf("Error: empty key list") + + } else { + key_ptr = get_ngx_array_elts(keys) + enc_key = key_ptr + last_key = &@cast(key_ptr, "ngx_ssl_session_ticket_key_t", "$^exec_path")[keys_len-1] + printf("keys len %d\n", keys_len) + printf("enc key:\n") + print_session_ticket_key(enc_key) + printf("last dec key:\n") + print_session_ticket_key(last_key) + } + } +} + +probe end { + printf("Stop tracing NGX OPENSSL ticket key callback\n") + exit() +} diff --git a/tapset/nginx/array.sxx b/tapset/nginx/array.sxx new file mode 100644 index 0000000..2258ba9 --- /dev/null +++ b/tapset/nginx/array.sxx @@ -0,0 +1,12 @@ +// module nginx.array + +function get_ngx_array_len(ngx_arr) { + $*arr := @cast(ngx_arr, "ngx_array_t", "$^exec_path") + return $*arr->nelts + +} + +function get_ngx_array_elts(ngx_arr) { + $*arr := @cast(ngx_arr, "ngx_array_t", "$^exec_path") + return $*arr->elts +} diff --git a/tapset/nginx/openssl.sxx b/tapset/nginx/openssl.sxx new file mode 100644 index 0000000..dccb0b6 --- /dev/null +++ b/tapset/nginx/openssl.sxx @@ -0,0 +1,19 @@ +// module nginx.openssl + +// extract ex_data pointer from openssl SSL_CTX +function get_ssl_ex_data(ssl_ctx) { + $*ctx := @cast(ssl_ctx, "SSL_CTX", "$^exec_path") + return &$*ctx->ex_data +} + +// extract number of items in SSL_CTX ex_data +function get_ssl_ex_data_len(ssl_ctx) { + ex_data = get_ssl_ex_data(ssl_ctx) + return ex_data->sk->stack->num +} + +// extract the item specified by idx in SSL_CTX ex_data +function get_ssl_ex_data_item(ssl_ctx, idx) { + ex_data = get_ssl_ex_data(ssl_ctx) + return ex_data->sk->stack->data[idx] +} From bba6a341365e6d5ac8309e3e2b2965441c41f780 Mon Sep 17 00:00:00 2001 From: Zi Lin Date: Tue, 25 Nov 2014 13:32:20 -0800 Subject: [PATCH 2/6] Address agentzh's comments. --- README.markdown | 8 +++++++- samples/ngx-ssl-session-resumption-stats.sxx | 4 ++-- samples/ngx-ssl-session-ticket-keys.sxx | 10 +++++----- tapset/nginx/array.sxx | 2 +- tapset/{nginx => }/openssl.sxx | 8 +++++--- 5 files changed, 20 insertions(+), 12 deletions(-) mode change 100644 => 100755 samples/ngx-ssl-session-resumption-stats.sxx mode change 100644 => 100755 samples/ngx-ssl-session-ticket-keys.sxx rename tapset/{nginx => }/openssl.sxx (66%) diff --git a/README.markdown b/README.markdown index cea3857..10f2854 100644 --- a/README.markdown +++ b/README.markdown @@ -1465,8 +1465,11 @@ ngx-ssl-session-ticket-keys Dumping ssl session ticket keys of a nginx worker. ```bash +# making the ./stap++ tool visible in PATH: +$ export PATH=$PWD:$PATH + # assuming one nginx worker process has the pid 3781. -$ ./samples/ngx-ssl-session-ticket-keys.sxx -I ./tapset -x 3781 +$ ./samples/ngx-ssl-session-ticket-keys.sxx -x 3781 ``` [Back to TOC](#table-of-contents) @@ -1477,6 +1480,9 @@ ngx-ssl-session-resumption-stats Analyzing the statistics of nginx SSL/TLS session ticket resumption. ```bash +# making the ./stap++ tool visible in PATH: +$ export PATH=$PWD:$PATH + # assuming one nginx worker process has the pid 3781. $ ./samples/ngx-ssl-session-resumption-stats.sxx -x 3781 ``` diff --git a/samples/ngx-ssl-session-resumption-stats.sxx b/samples/ngx-ssl-session-resumption-stats.sxx old mode 100644 new mode 100755 index 7f7b385..3da3bec --- a/samples/ngx-ssl-session-resumption-stats.sxx +++ b/samples/ngx-ssl-session-resumption-stats.sxx @@ -1,6 +1,6 @@ #!/usr/bin/env stap++ -# Capture ssl session resumption statistics. +# Capture ssl session resumption statistics. global total global tickets @@ -39,7 +39,7 @@ probe end { ratio2 = (resumed * 100) / tickets; } else { - ratio2 = 0; + ratio2 = 0; } printf("Session resumption attempts ratio: %d percent\n", ratio1) printf("Session resumption success ratio: %d percent\n", ratio2) diff --git a/samples/ngx-ssl-session-ticket-keys.sxx b/samples/ngx-ssl-session-ticket-keys.sxx old mode 100644 new mode 100755 index 496fa7e..aa7caf5 --- a/samples/ngx-ssl-session-ticket-keys.sxx +++ b/samples/ngx-ssl-session-ticket-keys.sxx @@ -3,7 +3,7 @@ # Capture ssl session tickets. @use nginx.array -@use nginx.openssl +@use openssl probe begin { printf("Start tracing NGX OPENSSL ticket key callback\n") @@ -14,7 +14,7 @@ function print_key_name(name) { printf("key name: "); $*n := @cast(name, "unsigned char", "$^exec_path") for (i=0; i<16; i++) { - printf("%02x", $*n[i]) + printf("%02x", $*n[i]) } printf("\n") } @@ -24,7 +24,7 @@ function print_key_aes(state) { printf("key aes state: "); $*s := @cast(state, "unsigned char", "$^exec_path") for (i=0; i<16; i++) { - printf("%02x", $*s[i]) + printf("%02x", $*s[i]) } printf("\n") } @@ -34,7 +34,7 @@ function print_key_hmac(state) { printf("key hmac state: "); $*s := @cast(state, "unsigned char", "$^exec_path") for (i=0; i<16; i++) { - printf("%02x", $*s[i]) + printf("%02x", $*s[i]) } printf("\n") } @@ -63,7 +63,7 @@ probe @pfunc(ngx_ssl_session_ticket_key_callback).return { } else { key_ptr = get_ngx_array_elts(keys) enc_key = key_ptr - last_key = &@cast(key_ptr, "ngx_ssl_session_ticket_key_t", "$^exec_path")[keys_len-1] + last_key = &@cast(key_ptr, "ngx_ssl_session_ticket_key_t", "$^exec_path")[keys_len-1] printf("keys len %d\n", keys_len) printf("enc key:\n") print_session_ticket_key(enc_key) diff --git a/tapset/nginx/array.sxx b/tapset/nginx/array.sxx index 2258ba9..0d4f448 100644 --- a/tapset/nginx/array.sxx +++ b/tapset/nginx/array.sxx @@ -3,7 +3,7 @@ function get_ngx_array_len(ngx_arr) { $*arr := @cast(ngx_arr, "ngx_array_t", "$^exec_path") return $*arr->nelts - + } function get_ngx_array_elts(ngx_arr) { diff --git a/tapset/nginx/openssl.sxx b/tapset/openssl.sxx similarity index 66% rename from tapset/nginx/openssl.sxx rename to tapset/openssl.sxx index dccb0b6..9b6b314 100644 --- a/tapset/nginx/openssl.sxx +++ b/tapset/openssl.sxx @@ -1,4 +1,4 @@ -// module nginx.openssl +// module openssl.ssl_ctx // extract ex_data pointer from openssl SSL_CTX function get_ssl_ex_data(ssl_ctx) { @@ -9,11 +9,13 @@ function get_ssl_ex_data(ssl_ctx) { // extract number of items in SSL_CTX ex_data function get_ssl_ex_data_len(ssl_ctx) { ex_data = get_ssl_ex_data(ssl_ctx) - return ex_data->sk->stack->num + $*data := @cast(ex_data, "CRYPTO_EX_DATA", "$^exec_path") + return $*data->sk->stack->num } // extract the item specified by idx in SSL_CTX ex_data function get_ssl_ex_data_item(ssl_ctx, idx) { ex_data = get_ssl_ex_data(ssl_ctx) - return ex_data->sk->stack->data[idx] + $*data := @cast(ex_data, "CRYPTO_EX_DATA", "$^exec_path") + return $*data->sk->stack->data[idx] } From 3ffd8e87dfa21c380784f64943b5fcb737377ed9 Mon Sep 17 00:00:00 2001 From: Zi Lin Date: Tue, 25 Nov 2014 13:58:14 -0800 Subject: [PATCH 3/6] comment fixup --- tapset/openssl.sxx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tapset/openssl.sxx b/tapset/openssl.sxx index 9b6b314..0d3bb48 100644 --- a/tapset/openssl.sxx +++ b/tapset/openssl.sxx @@ -1,4 +1,4 @@ -// module openssl.ssl_ctx +// module openssl // extract ex_data pointer from openssl SSL_CTX function get_ssl_ex_data(ssl_ctx) { From 76600fdc8c78c5ef82446e7195cc22ab975221cf Mon Sep 17 00:00:00 2001 From: Zi Lin Date: Tue, 25 Nov 2014 15:10:02 -0800 Subject: [PATCH 4/6] better tracing msg. --- samples/ngx-ssl-session-resumption-stats.sxx | 2 +- samples/ngx-ssl-session-ticket-keys.sxx | 7 +------ 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/samples/ngx-ssl-session-resumption-stats.sxx b/samples/ngx-ssl-session-resumption-stats.sxx index 3da3bec..c1744e9 100755 --- a/samples/ngx-ssl-session-resumption-stats.sxx +++ b/samples/ngx-ssl-session-resumption-stats.sxx @@ -8,7 +8,7 @@ global resumed global reencrypted probe begin { - printf("Start tracing NGX OPENSSL ticket key callback\n"); + warn(sprintf("Tracing process %d ($^exec_path).\nHit Ctrl-C to end.\n", target())) } probe @pfunc(ngx_ssl_session_ticket_key_callback).return { diff --git a/samples/ngx-ssl-session-ticket-keys.sxx b/samples/ngx-ssl-session-ticket-keys.sxx index aa7caf5..d562cf4 100755 --- a/samples/ngx-ssl-session-ticket-keys.sxx +++ b/samples/ngx-ssl-session-ticket-keys.sxx @@ -6,7 +6,7 @@ @use openssl probe begin { - printf("Start tracing NGX OPENSSL ticket key callback\n") + warn(sprintf("Tracing process %d ($^exec_path).\nHit Ctrl-C to end.\n", target())) } // print 16-byte key name @@ -72,8 +72,3 @@ probe @pfunc(ngx_ssl_session_ticket_key_callback).return { } } } - -probe end { - printf("Stop tracing NGX OPENSSL ticket key callback\n") - exit() -} From 4a1b448c4823a90cda5d3837c0bedb7d12a2401e Mon Sep 17 00:00:00 2001 From: Zi Lin Date: Tue, 27 Jan 2015 12:02:10 -0800 Subject: [PATCH 5/6] Address agentzh's comments, rename one script. --- README.markdown | 38 ++++++++++++++-- samples/ngx-ssl-session-ticket-keys.sxx | 43 ++++++------------- ...x-ssl-session-ticket-resumption-stats.sxx} | 21 +++++++-- 3 files changed, 64 insertions(+), 38 deletions(-) rename samples/{ngx-ssl-session-resumption-stats.sxx => ngx-ssl-session-ticket-resumption-stats.sxx} (59%) diff --git a/README.markdown b/README.markdown index 10f2854..a5a378c 100644 --- a/README.markdown +++ b/README.markdown @@ -49,7 +49,7 @@ Table of Contents * [zlib-deflate-chunk-size](#zlib-deflate-chunk-size) * [lj-str-tab](#lj-str-tab) * [ngx-ssl-session-ticket-keys](#ngx-ssl-session-ticket-keys) - * [ngx-ssl-session-resumption-stats](#ngx-ssl-session-resumption-stats) + * [ngx-ssl-session-ticket-resumption-stats](#ngx-ssl-session-ticket-resumption-stats) * [Installation](#installation) * [Author](#author) * [Copyright and License](#copyright-and-license) @@ -1462,7 +1462,9 @@ Analyzing the structure and various statistics of the global Lua string hash tab ngx-ssl-session-ticket-keys ---------- -Dumping ssl session ticket keys of a nginx worker. +Dumping ssl session ticket keys of a nginx worker. It will exit on the first +time it captures the ticket keys. It can be utilized as a cron job to monitor if +session ticket rotation actually happends. ```bash # making the ./stap++ tool visible in PATH: @@ -1470,21 +1472,49 @@ $ export PATH=$PWD:$PATH # assuming one nginx worker process has the pid 3781. $ ./samples/ngx-ssl-session-ticket-keys.sxx -x 3781 +Tracing process 3781 (/etc/nginx/sbin/nginx). +Exit on first capture. Or hit Ctrl-C to end. +keys len 3 +enc key: +key name: 5589398e87a104dd30691fbc3c8446c6 +dec key: +key name: f14c1d6611ad4802eccf6332f3b356f5 +dec key: +key name: b9cb4fb269a4148cc7c19c71d9e8554d ``` [Back to TOC](#table-of-contents) -ngx-ssl-session-resumption-stats +ngx-ssl-session-ticket-resumption-stats ---------- Analyzing the statistics of nginx SSL/TLS session ticket resumption. +It counts the total number of session ticket encryption/decryption events +Then it calculates the ratio of session ticket resumption attempts versus +session ticket eligible connections and the ratio of successful session ticket +resumption versus total number of session ticket resumption attemtps. Finally, +it calculates the session ticket resumption rate as the product of the above +two ratio. + +Here is an example on monitoring session ticket resumption statistics +on a local nginx instance for 30 seconds. ```bash # making the ./stap++ tool visible in PATH: $ export PATH=$PWD:$PATH # assuming one nginx worker process has the pid 3781. -$ ./samples/ngx-ssl-session-resumption-stats.sxx -x 3781 +$ ./samples/ngx-ssl-session-ticket-resumption-stats.sxx -x 3781 --arg time=30 +Tracing process 3781 (/etc/nginx/sbin/nginx). +Pleasese wait for 30 seconds... +Stop tracing NGX OPENSSL ticket key callback +Total sessions: 11 +Total session tickets: 10 +Total resumed session ticket: 10 +Total re-encrypted session ticket: 0 +Session ticket resumption attempts ratio: 90 percent +Session ticket resumption success ratio: 100 percent +Total session ticket resumption rate: 90 percent ``` [Back to TOC](#table-of-contents) diff --git a/samples/ngx-ssl-session-ticket-keys.sxx b/samples/ngx-ssl-session-ticket-keys.sxx index d562cf4..192d3bc 100755 --- a/samples/ngx-ssl-session-ticket-keys.sxx +++ b/samples/ngx-ssl-session-ticket-keys.sxx @@ -6,7 +6,7 @@ @use openssl probe begin { - warn(sprintf("Tracing process %d ($^exec_path).\nHit Ctrl-C to end.\n", target())) + printf("Tracing process %d ($^exec_path).\nExit on first capture. Or hit Ctrl-C to end.\n", target()) } // print 16-byte key name @@ -19,33 +19,11 @@ function print_key_name(name) { printf("\n") } -// print 16-byte aes state -function print_key_aes(state) { - printf("key aes state: "); - $*s := @cast(state, "unsigned char", "$^exec_path") - for (i=0; i<16; i++) { - printf("%02x", $*s[i]) - } - printf("\n") -} - -// print 16-byte hmac state -function print_key_hmac(state) { - printf("key hmac state: "); - $*s := @cast(state, "unsigned char", "$^exec_path") - for (i=0; i<16; i++) { - printf("%02x", $*s[i]) - } - printf("\n") -} - // print session ticket content function print_session_ticket_key(key) { $*k := @cast(key, "ngx_ssl_session_ticket_key_t", "$^exec_path") print_key_name($*k->name) - // should disable by default the two calls below to maintain key confidentiality. - print_key_aes($*k->aes_key) - print_key_hmac($*k->hmac_key) + // could be extended to print out other cipher states } probe @pfunc(ngx_ssl_session_ticket_key_callback).return { @@ -62,13 +40,18 @@ probe @pfunc(ngx_ssl_session_ticket_key_callback).return { } else { key_ptr = get_ngx_array_elts(keys) - enc_key = key_ptr - last_key = &@cast(key_ptr, "ngx_ssl_session_ticket_key_t", "$^exec_path")[keys_len-1] printf("keys len %d\n", keys_len) - printf("enc key:\n") - print_session_ticket_key(enc_key) - printf("last dec key:\n") - print_session_ticket_key(last_key) + for (i=0; i 0) { @@ -41,7 +52,9 @@ probe end { } else { ratio2 = 0; } - printf("Session resumption attempts ratio: %d percent\n", ratio1) - printf("Session resumption success ratio: %d percent\n", ratio2) + printf("Session ticket resumption attempts ratio: %d percent\n", ratio1) + printf("Session ticket resumption success ratio: %d percent\n", ratio2) + printf("Total session ticket resumption rate: %d percent\n", + ratio1 * ratio2 / 100) exit(); } From 3878abd6f689302bcbb2b12e5742a3c3a02da71c Mon Sep 17 00:00:00 2001 From: Zi Lin Date: Tue, 27 Jan 2015 12:54:25 -0800 Subject: [PATCH 6/6] more polish --- README.markdown | 20 +++++++++---------- samples/ngx-ssl-session-ticket-keys.sxx | 8 ++++---- ...gx-ssl-session-ticket-resumption-stats.sxx | 6 +++--- 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/README.markdown b/README.markdown index a5a378c..fdb2760 100644 --- a/README.markdown +++ b/README.markdown @@ -1474,13 +1474,13 @@ $ export PATH=$PWD:$PATH $ ./samples/ngx-ssl-session-ticket-keys.sxx -x 3781 Tracing process 3781 (/etc/nginx/sbin/nginx). Exit on first capture. Or hit Ctrl-C to end. -keys len 3 -enc key: -key name: 5589398e87a104dd30691fbc3c8446c6 -dec key: -key name: f14c1d6611ad4802eccf6332f3b356f5 -dec key: -key name: b9cb4fb269a4148cc7c19c71d9e8554d +Number of keys: 3 +encryption key: + name: 5589398e87a104dd30691fbc3c8446c6 +decryption key #1: + name: f14c1d6611ad4802eccf6332f3b356f5 +decryption key #2: + name: b9cb4fb269a4148cc7c19c71d9e8554d ``` [Back to TOC](#table-of-contents) @@ -1512,9 +1512,9 @@ Total sessions: 11 Total session tickets: 10 Total resumed session ticket: 10 Total re-encrypted session ticket: 0 -Session ticket resumption attempts ratio: 90 percent -Session ticket resumption success ratio: 100 percent -Total session ticket resumption rate: 90 percent +Session ticket resumption attempts ratio: 90% +Session ticket resumption success ratio: 100% +Total session ticket resumption rate: 90% ``` [Back to TOC](#table-of-contents) diff --git a/samples/ngx-ssl-session-ticket-keys.sxx b/samples/ngx-ssl-session-ticket-keys.sxx index 192d3bc..9e029f4 100755 --- a/samples/ngx-ssl-session-ticket-keys.sxx +++ b/samples/ngx-ssl-session-ticket-keys.sxx @@ -11,7 +11,7 @@ probe begin { // print 16-byte key name function print_key_name(name) { - printf("key name: "); + printf("\tname: "); $*n := @cast(name, "unsigned char", "$^exec_path") for (i=0; i<16; i++) { printf("%02x", $*n[i]) @@ -40,14 +40,14 @@ probe @pfunc(ngx_ssl_session_ticket_key_callback).return { } else { key_ptr = get_ngx_array_elts(keys) - printf("keys len %d\n", keys_len) + printf("Number of keys: %d\n", keys_len) for (i=0; i