[eptcyka]

I know that arguing that SSLKEYLOGFILE is all you need will just be a different version of the rsync/dropbox comment, but I do wonder under what circumstances is one able to strace a binary and isn’t able to make it dump session keys? I read the headline and set high hopes on finding a nifty way to mitm apps on Android - alas, I’m not sure this would work there necessarily.

[formerly_proven]

Mostly that SSLKEYLOGFILE has only been an (disabled by default) OpenSSL feature for a few weeks (literally), apart from that it's something implemented by some other libraries (notably libcurl) on top. But it's very far from "just set this env var and the keys will pop out of any app using TLS".

[delusional]

The big usecase for me would be if you could attach the trace after starting the binary. The idea of coming into a production system that's behaving unexpectedly and getting a network sniff without having to fiddle with certificates is very attractive.

There's an alternative implementation where SSLKEYLOGFILE is more "dynamic" and permits being toggled on an off during runtime, but that doesn't currently exist.

[linsomniac]

My big use case is watching on the SERVER side, my coworkers will be asking me to help them debug something and I just want to see the HTTP plaintext, I don't really want to try running Apache under SSLKEYLOGFILE or something, I just want to see the data. ;-)