TLS decryption with SSLKEYLOGFILE
Hi,
I am currently working on a privacy study regarding Mozilla Firefox and I would like to have more detailed information on the key log file using per-session secrets.
I used the SSLKEYLOGFILE environment variable from the underlying NSS library to get TLS session secrets [1], which can be used in Wireshark to decrypt HTTPS traffic. I looked at the Firefox documentation for some answers and I found that NSS support for the log file is disabled by default since NSS 3.24 [2], that is to say Firefox 48 and 49 [3]. I have not found any documentation saying it has been re-enabled by default since then. However, I have made some tests on Ubuntu 22.04 LTS (it is disabled on Debian) and Windows 10 using Firefox 106 (NSS 3.83) [4] and it works properly.
So, I have two questions:
- Is it normal that this feature still works for decrypting traffic whereas it should be disabled by default?
- What is the position of Mozilla developers and the community on the security of this feature (anyone who has access to someone's computer could get all of their internet passwords)?
Thank you for reading and I am looking forward to reading your answer.
Best regards
[1] https://wiki.wireshark.org/TLS
[2] https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_releases/nss_3.24_release_notes/index.html#mozilla-projects-nss-nss-3-24-release-notes
[3] https://firefox-source-docs.mozilla.org/security/nss/legacy/key_log_format/index.html
[4] https://wiki.mozilla.org/NSS:Release_Versions
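For readers auditing a host for this feature, the following is an added example (not part of the original post, and not NSS or Wireshark code): it checks whether SSLKEYLOGFILE is set in an environment, parses the NSS key log format described in [3] into per-session records keyed by the client random, and reports which secrets each session exposes and which lines do not match the format. The sample key log lines are constructed with repeated hex bytes and are not real secrets; the label set is the one documented for the NSS key log format.

```python
import os
import re
from collections import defaultdict

# Labels NSS writes to the key log file, per the NSS key log format documentation.
# TLS 1.2 sessions produce a single CLIENT_RANDOM line carrying the master secret;
# TLS 1.3 sessions produce one line per traffic/exporter secret.
TLS12_LABELS = {"CLIENT_RANDOM"}
TLS13_LABELS = {
    "CLIENT_EARLY_TRAFFIC_SECRET",
    "EARLY_EXPORTER_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0",
    "EXPORTER_SECRET",
}
KNOWN_LABELS = TLS12_LABELS | TLS13_LABELS

# <label> <32-byte client random as hex> <secret as hex>
LINE_RE = re.compile(r"^(?P<label>[A-Z0-9_]+) (?P<random>[0-9a-fA-F]{64}) (?P<secret>[0-9a-fA-F]+)$")


def keylog_env_active(environ=None):
    """Return the configured key log path if SSLKEYLOGFILE is set, else None.

    Pass a dict to check a captured process environment instead of our own."""
    environ = os.environ if environ is None else environ
    return environ.get("SSLKEYLOGFILE") or None


def parse_keylog(text):
    """Parse key log text into {client_random: {label: secret}}.

    Returns (sessions, problems); problems lists (line number, raw line) for
    lines that are neither blank, a '#' comment, nor a well-formed known entry."""
    sessions = defaultdict(dict)
    problems = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m or m["label"] not in KNOWN_LABELS:
            problems.append((lineno, raw))
            continue
        sessions[m["random"].lower()][m["label"]] = m["secret"].lower()
    return dict(sessions), problems


def summarize(sessions):
    """Classify each session by TLS version from the labels present and list them."""
    summary = {}
    for rnd, secrets in sessions.items():
        labels = set(secrets)
        if labels & TLS12_LABELS:
            version = "TLS1.2"
        elif labels & TLS13_LABELS:
            version = "TLS1.3"
        else:
            version = "unknown"
        summary[rnd] = (version, sorted(labels))
    return summary


# Constructed sample key log (not real secrets): one TLS 1.2 session, one TLS 1.3
# session, and one malformed line that an auditor would want flagged.
SAMPLE_KEYLOG = "\n".join([
    "# constructed sample, not real secrets",
    "CLIENT_RANDOM " + "11" * 32 + " " + "22" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "33" * 32 + " " + "44" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "33" * 32 + " " + "55" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + "33" * 32 + " " + "66" * 32,
    "SERVER_TRAFFIC_SECRET_0 " + "33" * 32 + " " + "77" * 32,
    "EXPORTER_SECRET " + "33" * 32 + " " + "88" * 32,
    "garbage line that should be reported",
])

if __name__ == "__main__":
    path = keylog_env_active()
    print("SSLKEYLOGFILE is", "set to " + path if path else "not set")
    sessions, problems = parse_keylog(SAMPLE_KEYLOG)
    for rnd, (version, labels) in summarize(sessions).items():
        print(f"{rnd[:16]}... {version}: {', '.join(labels)}")
    for lineno, raw in problems:
        print(f"line {lineno}: unrecognised entry: {raw!r}")
```

Each client random groups exactly the secrets of one TLS session, which is what makes the file usable for per-session decryption: a TLS 1.2 entry alone is enough to recover that session's keys, and a TLS 1.3 session is fully recoverable only once both handshake and application traffic secrets are present. Running the script with SSLKEYLOGFILE set in the shell shows the environment check firing, which is the condition an endpoint audit would look for.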