← Back to context Comment by alexflint 1 year ago Very good to know about. But you still have the problem of decrypting TLS traffic. 4 comments alexflint Reply mdaniel 1 year ago I don't know if it's a standard but I believe a lot of tls libraries honor the SSLKEYLOGFILE env-var https://wiki.wireshark.org/TLS#:~:text=and%20curl%20when-,th... 2030ai 1 year ago That seems like an unnecessary vulnerability waiting to happen. wruza 1 year ago Can’t wait till they patch it away and we lose the ability to investigate our own https traffic. frogsRnice 1 year ago At some point someone needs to take responsibility for allowing modification of environment variables via something dumb like http. Debugging interfaces are fine- we should expect more from developers.
mdaniel 1 year ago I don't know if it's a standard but I believe a lot of tls libraries honor the SSLKEYLOGFILE env-var https://wiki.wireshark.org/TLS#:~:text=and%20curl%20when-,th... 2030ai 1 year ago That seems like an unnecessary vulnerability waiting to happen. wruza 1 year ago Can’t wait till they patch it away and we lose the ability to investigate our own https traffic. frogsRnice 1 year ago At some point someone needs to take responsibility for allowing modification of environment variables via something dumb like http. Debugging interfaces are fine- we should expect more from developers.
2030ai 1 year ago That seems like an unnecessary vulnerability waiting to happen. wruza 1 year ago Can’t wait till they patch it away and we lose the ability to investigate our own https traffic. frogsRnice 1 year ago At some point someone needs to take responsibility for allowing modification of environment variables via something dumb like http. Debugging interfaces are fine- we should expect more from developers.
wruza 1 year ago Can’t wait till they patch it away and we lose the ability to investigate our own https traffic.
frogsRnice 1 year ago At some point someone needs to take responsibility for allowing modification of environment variables via something dumb like http. Debugging interfaces are fine- we should expect more from developers.
I don't know if it's a standard but I believe a lot of tls libraries honor the SSLKEYLOGFILE env-var https://wiki.wireshark.org/TLS#:~:text=and%20curl%20when-,th...
That seems like an unnecessary vulnerability waiting to happen.
Can’t wait till they patch it away and we lose the ability to investigate our own https traffic.
At some point someone needs to take responsibility for allowing modification of environment variables via something dumb like http. Debugging interfaces are fine- we should expect more from developers.