Mailing List Archive | ports@openbsd.org

From:: Theo Buehler <tb@theobuehler.org>
Subject:: Re: mitmproxy and debug message in console
To:: LWS <mediomen27@gmail.com>
Cc:: ports@openbsd.org
Date:: Tue, 6 May 2025 06:26:55 +0200

Download raw body.

Thread

- 2025-05-05 20:20 Theo Buehler:
  mitmproxy and debug message in console
- - 2025-05-05 23:27 LWS:
    mitmproxy and debug message in console
  - - 2025-05-06 04:26 Theo Buehler:
      mitmproxy and debug message in console
    - 2025-05-06 06:58 Kirill A. Korinsky:
      mitmproxy and debug message in console

2025-05-05 20:15 Kirill A. Korinsky:

> So it is an openbsd decision although it is not clear to me if it is a
> security
> design decision or rather a standards adherence decision, since it seems to
> me
> that the software that implements this feature does it outside the
> standards.

It's a debugging tool amounting to a complete compromise of the most
important guarantees provided by TLS. It is not formally standardized
yet but that's just a matter of time at this point:

https://datatracker.ietf.org/doc/draft-ietf-tls-keylogfile/

If the security considerations are about as long as the description of
the thing you specify...

- 2025-05-05 20:20 Theo Buehler:
  mitmproxy and debug message in console
- - 2025-05-05 23:27 LWS:
    mitmproxy and debug message in console
  - - 2025-05-06 04:26 Theo Buehler:
      mitmproxy and debug message in console
    - 2025-05-06 06:58 Kirill A. Korinsky:
      mitmproxy and debug message in console

2025-05-05 20:15 Kirill A. Korinsky:

mitmproxy and debug message in console