Analyzer ngx-tls-session-resumption
Name
ngx-tls-session-resumption - Downstream SSL/TLS Session Resumption Statistics
This analyzer monitors SSL/TLS session resumption behavior for downstream client connections in Nginx-based applications such as OpenResty and Kong. It tracks the outcome of each handshake, including session ID reuse, session ticket reuse, and handshake failures. The analyzer generates pie charts and detailed statistics showing the distribution of resumption types and failure modes, which helps optimize TLS performance by identifying opportunities to improve session caching and reduce expensive full handshakes.
Resource Category
Network I/O.
Application Type & Technical Stack
- OpenResty
- Kong
- APISIX
Command Line Syntax
The analyzer can be invoked directly on the command line via the orxray utility from the openresty-xray-cli software package.
Alternatively, the analyzer can be invoked manually or automatically from the web console UI of OpenResty XRay (for example, on the Advanced web page).
    # PID is the target process PID.
    orxray analyzer run ngx-tls-session-resumption -p PID

    # trace a shell command directly
    orxray analyzer run ngx-tls-session-resumption -c SHELL_CMD

    # PGID is the process group ID or any process's PID within the target process
    # group.
    orxray analyzer run ngx-tls-session-resumption -p -PGID

    # trace any processes started from the specified executable path.
    orxray analyzer run ngx-tls-session-resumption --exe /path/to/exe/file
Tracing Multiple Processes
Supported.
Output Formats
- Pie Charts
- Plain Text
Output Example
    [
      {
        "title": "Downstream SSL/TLS Session Resumption Statistics",
        "subtitle": "1 SSL/TLS session resumption succeed in 30 SSL/TLS handshakes",
        "type": "pie",
        "id": "",
        "series": {
          "data": {
            "Handshake_failed": 1,
            "Session_id_reused": 0,
            "Ticket_failed": 0,
            "Ticket_reused": 1,
            "Session_id_failed": 0,
            "Or_session_id_failed": 0,
            "Or_session_id_reused": 0,
            "Other": 28
          },
          "name": "Handshake count",
          "valueUnit": ""
        },
        "ver": 1,
        "kind": "tls-session-resumption"
      },
      {
        "title": "User Agents of SSL/TLS Session Ticket Resumption Success",
        "subtitle": "1 User Agent SSL/TLS Ticket Resumption Success in 22",
        "type": "pie",
        "id": "",
        "series": {
          "data": {
            "\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36\"": 1
          },
          "name": "Handshake count",
          "valueUnit": ""
        },
        "ver": 1,
        "kind": "user-agent-ticket-resumption-success"
      },
      {
        "title": "User Agents of no SSL/TLS Session Resumption",
        "subtitle": "21 User Agent No SSL/TLS Session Resumption in 22",
        "type": "pie",
        "id": "",
        "series": {
          "data": {
            "\"Mozilla/5.0 (Linux; Android 9; MI 9) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.2890.111 Mobile Safari/537.36\"": 2,
            "\"Mozilla/5.0 (Linux; U; Android 2.3.7; zh-cn; MB200 Build/GRJ22; CyanogenMod-7) AppleWebKit/535.2 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1\"": 2,
            "\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36\"": 5,
            "\"Mozilla/5.0 (iPhone; CPU iPhone OS 12_4 like Mac OS X) AppleWebKit/606.2.34 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/7.0.5(0x17000523) NetType/WIFI Language/zh_CN\"": 2,
            "\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36\"": 6,
            "\"Mozilla/5.0 (Linux; Android 11; Pixel 5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.3772.137 Mobile Safari/537.36\"": 2,
            "\"Mozilla/5.0 (Linux; Android 7.1.1; OPPO R9sk Build/NMF26F; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.4479.119 Mobile Safari/537.36 AWP/2.0 SogouMSE,SogouMobileBrowser/5.22.8\"": 2
          },
          "name": "Handshake count",
          "valueUnit": ""
        },
        "ver": 1,
        "kind": "user-agent-no-resumption"
      }
    ]
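The following is an added example, not part of OpenResty XRay or its documentation: a Python script that reads a report in the JSON shape shown above and computes the overall resumption rate plus a per-User-Agent breakdown. The function name `summarize`, the shortened User-Agent strings, and the reading of `*_reused` keys as successful resumptions and `*_failed` keys (other than `Handshake_failed`) as failed resumption attempts are assumptions made for this example.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of the Output Example (User-Agent strings shortened).
SAMPLE = r'''
[
 {"kind": "tls-session-resumption", "series": {"data": {
    "Handshake_failed": 1, "Session_id_reused": 0, "Ticket_failed": 0,
    "Ticket_reused": 1, "Session_id_failed": 0, "Or_session_id_failed": 0,
    "Or_session_id_reused": 0, "Other": 28}}},
 {"kind": "user-agent-ticket-resumption-success", "series": {"data": {
    "\"UA-A\"": 1}}},
 {"kind": "user-agent-no-resumption", "series": {"data": {
    "\"UA-A\"": 6, "\"UA-B\"": 5}}}
]
'''

def summarize(report_json):
    """Return resumption totals and per-User-Agent rates for one report."""
    charts = {c["kind"]: c["series"]["data"] for c in json.loads(report_json)}
    counts = charts.get("tls-session-resumption", {})
    total = sum(counts.values())
    # Assumption: "*_reused" keys are successful resumptions; "*_failed" keys
    # other than Handshake_failed are resumption attempts that did not succeed.
    reused = sum(v for k, v in counts.items() if k.endswith("_reused"))
    failed = sum(v for k, v in counts.items()
                 if k.endswith("_failed") and k != "Handshake_failed")
    per_ua = defaultdict(lambda: [0, 0])  # ua -> [ticket resumed, not resumed]
    for kind, idx in (("user-agent-ticket-resumption-success", 0),
                      ("user-agent-no-resumption", 1)):
        for ua, n in charts.get(kind, {}).items():
            per_ua[ua.strip('"')][idx] += n  # keys carry literal quote marks
    return {
        "handshakes": total,
        "resumed": reused,
        "resumption_failed": failed,
        "handshake_failed": counts.get("Handshake_failed", 0),
        "resumption_rate": reused / total if total else 0.0,
        "per_ua": {ua: {"resumed": r, "not_resumed": n, "rate": r / (r + n)}
                   for ua, (r, n) in per_ua.items() if r + n},
    }

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(f"{s['resumed']}/{s['handshakes']} handshakes resumed "
          f"({s['resumption_rate']:.1%})")
    for ua, st in sorted(s["per_ua"].items(), key=lambda kv: kv[1]["rate"]):
        print(f"{st['rate']:6.1%}  {ua}")
```

User Agents that appear only in the no-resumption chart sort first, which makes clients that never resume stand out from clients that resume occasionally.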
Author
The OpenResty Inc. Team.
Copyright
Copyright (C) by OpenResty Inc. All rights reserved.