Comment by alexflint 10 months ago Very good to know about. But you still have the problem of decrypting TLS traffic. 4 comments alexflint Reply mdaniel 10 months ago I don't know if it's a standard but I believe a lot of tls libraries honor the SSLKEYLOGFILE env-var https://wiki.wireshark.org/TLS#:~:text=and%20curl%20when-,th... 2030ai 10 months ago That seems like an unnecessary vulnerability waiting to happen. wruza 10 months ago Can’t wait till they patch it away and we lose the ability to investigate our own https traffic. frogsRnice 10 months ago At some point someone needs to take responsibility for allowing modification of environment variables via something dumb like http. Debugging interfaces are fine- we should expect more from developers.
mdaniel 10 months ago I don't know if it's a standard but I believe a lot of tls libraries honor the SSLKEYLOGFILE env-var https://wiki.wireshark.org/TLS#:~:text=and%20curl%20when-,th... 2030ai 10 months ago That seems like an unnecessary vulnerability waiting to happen. wruza 10 months ago Can’t wait till they patch it away and we lose the ability to investigate our own https traffic. frogsRnice 10 months ago At some point someone needs to take responsibility for allowing modification of environment variables via something dumb like http. Debugging interfaces are fine- we should expect more from developers.
2030ai 10 months ago That seems like an unnecessary vulnerability waiting to happen. wruza 10 months ago Can’t wait till they patch it away and we lose the ability to investigate our own https traffic. frogsRnice 10 months ago At some point someone needs to take responsibility for allowing modification of environment variables via something dumb like http. Debugging interfaces are fine- we should expect more from developers.
wruza 10 months ago Can’t wait till they patch it away and we lose the ability to investigate our own https traffic.
frogsRnice 10 months ago At some point someone needs to take responsibility for allowing modification of environment variables via something dumb like http. Debugging interfaces are fine- we should expect more from developers.
I don't know if it's a standard but I believe a lot of tls libraries honor the SSLKEYLOGFILE env-var https://wiki.wireshark.org/TLS#:~:text=and%20curl%20when-,th...
That seems like an unnecessary vulnerability waiting to happen.
Can’t wait till they patch it away and we lose the ability to investigate our own https traffic.
At some point someone needs to take responsibility for allowing modification of environment variables via something dumb like http. Debugging interfaces are fine- we should expect more from developers.