Hi, On Mon, Jul 1, 2024 at 11:02 AM Max Nikulin wrote: > > On 01/07/2024 13:57, Lee wrote: > > On Sun, Jun 30, 2024 at 11:30 AM Max Nikulin wrote: > >>>>> On Sat, Jun 29, 2024 at 4:13 PM Lee wrote: > >>>>>> set SSLKEYLOGFILE=C:\Users\Lee\AppData\Local\Temp\FF-SSLkeys.txt > >>>>>> start C:\"Program Files\Firefox\Firefox.exe" > > > > This looks like the Debian bug report > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842292 > > > >> Lee, may you, please, specify Firefox version and release channel you > >> are using on Windows where this feature is working? > > > > Firefox 115.12.0esr -- which is the current extended service release > > software > > I'm not sure what you mean by release channel .. ESR? > > Thanks. I expected that you may use either developer release, beta, or > even nightly.
Nope - just regular firefox-esr > Is libnss built with logging support ABI compatible with the variant in > Debian repositories? (Or can it be patched to achieve ABI > compatibility?) Instead of asking for changing compile flags for all > users, from my point of view, it is better to suggest alternative > packages with and without logging enabled. > > Browsers are rather sensitive applications, so I find it reasonable that > dumping of encryption keys are not available by default. Maybe I don't know enough to know what's "reasonable" or not.. but I don't see a problem with me being able to inspect the traffic between me and some website. Anyone else wants to intercept my traffic and they'll have to set an environment variable - which root can do, but who else? > However > debugging should be possible and should require special configuration. > > I have not tried .deb packages provided by Mozilla. Since their Windows > builds allows logging, it might work on Linux as well. > <https://support.mozilla.org/en-US/kb/install-firefox-linux#w_install-firefox-deb-package-for-debian-based-distributions> Thanks for the pointer to downloading firefox from mozilla. But wow!! plenty too many instructions for to be able to Install Firefox .deb package for Debian-based distributions I suppose it's funny that I have no qualms with SSLKEYLOGFILE=<whatever> but balk at following those instructions to modify apt-get actions, but I don't know how to evaluate the security implications of modifying apt-get files. So I just downloaded the binary from mozilla and went from there: get the 64 bit linux version of firefox esr from https://www.mozilla.org/en-US/firefox/all/#product-desktop-esr tar -xvf firefox-115.12.0esr.tar.bz2 sudo mv firefox /opt/firefox-115.12.0esr/ sudo ln -s /opt/firefox-115.12.0esr/firefox /usr/local/bin/firefox lee@laptop:~$ cat ~/bin/firefox-tlsdecode.sh #!/bin/bash # set things up so that wireshark can decrypt firefox tls traffic umask 077 SSLKEYLOGFILE=/tmp/FF-SSLkeys.txt export SSLKEYLOGFILE /usr/local/bin/firefox "$@" & # then in wireshark: # edit / preferences # protocols / tls (v2.6: protocols / ssl) # paste SSLKEYLOGFILE filename into (Pre)-Master-Secret log filename lee@laptop:~$ So now I've got the debian /usr/bin/firefox that doesn't allow export tls keys and a /usr/local/bin/firefox that does. Thanks Lee
