I realize that this might open some holes, but it is also a useful
function for developers to investigate how their connection goes. (I
thought about this kind of function yesterday, but I wasn't aware it was
already available.)

Could we perhaps restrict it to non-release builds (aurora and nightly)
rather than restricting it to debug builds only? Debug builds are harder to
get, and are slow.

It would be great if this function could be provided with a normal build but
only exposed to a limited user base.

- Xidorn

On Tue, Apr 26, 2016 at 12:44 PM, Martin Thomson <m...@mozilla.com> wrote:

> In NSS, we have landed bug 1183318 [1], which I expect will be part of
> Firefox 48.
>
> This disables the use of the SSLKEYLOGFILE environment variable in
> optimized builds of NSS.  That means all released Firefox channels
> won't have this feature as it rides the trains.
>
> This feature is sometimes used to extract TLS keys for decrypting
> Wireshark traces [2].  The landing of this bug means that it will no
> longer be possible to log all your secret keys unless you have a debug
> build.
>
> This is a fairly specialized thing to want to do, and weighing
> benefits against risks in this case is an exercise in comparing very
> small numbers, which is hard.  I realize that this is very helpful for
> a select few people, but we decided to take the safe option in the
> absence of other information.
>
> (I almost forgot to send this, but then [3] reminded me in a very
> timely fashion.)
>
> [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1183318
> [2] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format
> [3] https://lists.mozilla.org/pipermail/dev-platform/2016-April/014573.html
> _______________________________________________
> dev-platform mailing list
> dev-platform@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform
>
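A defender-side check for the risk discussed in this thread, as an added example that is not part of the original messages or of NSS or Firefox code: on Linux, list processes that were started with SSLKEYLOGFILE set and report whether the key log file is readable by other users. The function names and the /proc-based approach are assumptions of this example.

```python
import os
import stat

VAR = b"SSLKEYLOGFILE"

def keylog_path(environ_blob):
    """Return the SSLKEYLOGFILE value from a NUL-separated environ blob, or None."""
    for entry in environ_blob.split(b"\0"):
        name, sep, value = entry.partition(b"=")
        # Exact name match only, so e.g. MY_SSLKEYLOGFILE is not reported.
        if sep and name == VAR:
            return value.decode("utf-8", "replace")
    return None

def readable_by_others(path):
    """True if group or world can read the file, None if it cannot be stat'ed."""
    try:
        mode = os.stat(path).st_mode
    except OSError:
        return None
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))

def scan_proc(proc_root="/proc"):
    """Return [(pid, keylog_path)] for processes started with SSLKEYLOGFILE set.

    /proc/<pid>/environ shows the environment at exec time; a variable set
    later from inside the process is not visible here.
    """
    findings = []
    try:
        pids = [d for d in os.listdir(proc_root) if d.isdigit()]
    except OSError:
        return findings
    for pid in pids:
        try:
            with open(os.path.join(proc_root, pid, "environ"), "rb") as f:
                blob = f.read()
        except OSError:
            continue  # process exited, or not permitted to read its environ
        path = keylog_path(blob)
        if path:
            findings.append((int(pid), path))
    return findings

if __name__ == "__main__":
    for pid, path in scan_proc():
        print(f"pid {pid}: SSLKEYLOGFILE={path} "
              f"readable_by_others={readable_by_others(path)}")
```

Run it with enough privilege to read other users' `/proc/<pid>/environ`; without that it only sees the caller's own processes.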