On Mon, May 05, 2025 at 10:03:35PM +0200, LWS wrote:
> Oh, you speak too difficult for me.
> The variables are supported by the software; it is written in the
> documentation.
> Also the software is used to analyze the traffic and do deep inspection.
> So I don't understand why they should not be supported by libssl.

The software uses Python bindings to libssl. libssl establishes the keys,
so it must support the keylog functionality for the software to be able
to use it. Since libssl doesn't support it, the mitm software can't.

Specifically, it tries to use this function if the env var is set:

https://man.openbsd.org/SSL_CTX_set_keylog_callback

Since the function does nothing, SSLKEYLOG doesn't work.

> I know that the variable has been disabled in firefox for security reasons,
> but not in chromium.

The browsers use their own TLS stack (NSS for fx, BoringSSL for chrome).

> Also if the official mitmproxy documentation still has this feature I
> imagine it is working.

Again, it can't work if the underlying ssl implementation doesn't
support it.

The SSLKEYLOG functionality is controversial. People expect it to be
available just because some popular implementations decided to add it.
