From: Theo Buehler <tb@theobuehler.org>
Subject: Re: mitmproxy and debug message in console
To: LWS <mediomen27@gmail.com>
Cc: ports@openbsd.org
Date: Tue, 6 May 2025 06:26:55 +0200

> So it is an OpenBSD decision although it is not clear to me if it is a
> security design decision or rather a standards adherence decision, since
> it seems to me that the software that implements this feature does it
> outside the standards.

It's a debugging tool amounting to a complete compromise of the most
important guarantees provided by TLS. It is not formally standardized
yet but that's just a matter of time at this point:

https://datatracker.ietf.org/doc/draft-ietf-tls-keylogfile/

If the security considerations are about as long as the description of
the thing you specify...