Comment by alexflint 5 months ago Very good to know about. But you still have the problem of decrypting TLS traffic. 4 comments alexflint Reply mdaniel 5 months ago I don't know if it's a standard but I believe a lot of tls libraries honor the SSLKEYLOGFILE env-var https://wiki.wireshark.org/TLS#:~:text=and%20curl%20when-,th... 2030ai 5 months ago That seems like an unnecessary vulnerability waiting to happen. wruza 5 months ago Can’t wait till they patch it away and we lose the ability to investigate our own https traffic. frogsRnice 5 months ago At some point someone needs to take responsibility for allowing modification of environment variables via something dumb like http. Debugging interfaces are fine- we should expect more from developers.
mdaniel 5 months ago I don't know if it's a standard but I believe a lot of tls libraries honor the SSLKEYLOGFILE env-var https://wiki.wireshark.org/TLS#:~:text=and%20curl%20when-,th... 2030ai 5 months ago That seems like an unnecessary vulnerability waiting to happen. wruza 5 months ago Can’t wait till they patch it away and we lose the ability to investigate our own https traffic. frogsRnice 5 months ago At some point someone needs to take responsibility for allowing modification of environment variables via something dumb like http. Debugging interfaces are fine- we should expect more from developers.
2030ai 5 months ago That seems like an unnecessary vulnerability waiting to happen. wruza 5 months ago Can’t wait till they patch it away and we lose the ability to investigate our own https traffic. frogsRnice 5 months ago At some point someone needs to take responsibility for allowing modification of environment variables via something dumb like http. Debugging interfaces are fine- we should expect more from developers.
wruza 5 months ago Can’t wait till they patch it away and we lose the ability to investigate our own https traffic.
frogsRnice 5 months ago At some point someone needs to take responsibility for allowing modification of environment variables via something dumb like http. Debugging interfaces are fine- we should expect more from developers.
I don't know if it's a standard but I believe a lot of tls libraries honor the SSLKEYLOGFILE env-var https://wiki.wireshark.org/TLS#:~:text=and%20curl%20when-,th...
That seems like an unnecessary vulnerability waiting to happen.
Can’t wait till they patch it away and we lose the ability to investigate our own https traffic.
At some point someone needs to take responsibility for allowing modification of environment variables via something dumb like http. Debugging interfaces are fine- we should expect more from developers.