In NSS, we have landed bug 1183318 [1], which I expect will be part of Firefox 48.
This disables the use of the SSLKEYLOGFILE environment variable in optimized builds of NSS. That means all released Firefox channels won't have this feature as it rides the trains. This feature is sometimes used to extract TLS keys for decrypting Wireshark traces [2]. The landing of this bug means that it will no longer be possible to log all your secret keys unless you have a debug build. This is a fairly specialized thing to want to do, and weighing benefits against risks in this case is an exercise in comparing very small numbers, which is hard. I realize that this is very helpful for a select few people, but we decided to take the safe option in the absence of other information. (I almost forgot to send this, but then [3] reminded me in a very timely fashion.) [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1183318 [2] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format [3] https://lists.mozilla.org/pipermail/dev-platform/2016-April/014573.html _______________________________________________ dev-platform mailing list [email protected] https://lists.mozilla.org/listinfo/dev-platform
