← Back to context Comment by alexflint 19 days ago Very good to know about. But you still have the problem of decrypting TLS traffic. 4 comments alexflint Reply mdaniel 19 days ago I don't know if it's a standard but I believe a lot of tls libraries honor the SSLKEYLOGFILE env-var https://wiki.wireshark.org/TLS#:~:text=and%20curl%20when-,th... 2030ai 19 days ago That seems like an unnecessary vulnerability waiting to happen. wruza 19 days ago Can’t wait till they patch it away and we lose the ability to investigate our own https traffic. frogsRnice 18 days ago At some point someone needs to take responsibility for allowing modification of environment variables via something dumb like http. Debugging interfaces are fine- we should expect more from developers.
mdaniel 19 days ago I don't know if it's a standard but I believe a lot of tls libraries honor the SSLKEYLOGFILE env-var https://wiki.wireshark.org/TLS#:~:text=and%20curl%20when-,th... 2030ai 19 days ago That seems like an unnecessary vulnerability waiting to happen. wruza 19 days ago Can’t wait till they patch it away and we lose the ability to investigate our own https traffic. frogsRnice 18 days ago At some point someone needs to take responsibility for allowing modification of environment variables via something dumb like http. Debugging interfaces are fine- we should expect more from developers.
2030ai 19 days ago That seems like an unnecessary vulnerability waiting to happen. wruza 19 days ago Can’t wait till they patch it away and we lose the ability to investigate our own https traffic. frogsRnice 18 days ago At some point someone needs to take responsibility for allowing modification of environment variables via something dumb like http. Debugging interfaces are fine- we should expect more from developers.
wruza 19 days ago Can’t wait till they patch it away and we lose the ability to investigate our own https traffic.
frogsRnice 18 days ago At some point someone needs to take responsibility for allowing modification of environment variables via something dumb like http. Debugging interfaces are fine- we should expect more from developers.
I don't know if it's a standard but I believe a lot of tls libraries honor the SSLKEYLOGFILE env-var https://wiki.wireshark.org/TLS#:~:text=and%20curl%20when-,th...
That seems like an unnecessary vulnerability waiting to happen.
Can’t wait till they patch it away and we lose the ability to investigate our own https traffic.
At some point someone needs to take responsibility for allowing modification of environment variables via something dumb like http. Debugging interfaces are fine- we should expect more from developers.