Open Bug 1422854 Opened 6 years ago Updated 1 year ago

Disable key logging in optimized gyp builds

Categories

(NSS :: Libraries, enhancement, P3)

3.34
enhancement

Tracking

(Not tracked)

People

(Reporter: KaiE, Assigned: KaiE)

Attachments

(1 file)

Bug 1183318 disabled SSL key logging by default in optimized make builds.

I suggest we should be consistent, and disable key logging in optimized gyp builds, too.
See Also: → 1183318
Assignee: nobody → kaie
I would prefer not doing this. Also note that it would require Firefox build changes as well (to enable it again).
If we want to make this consistent, I'd prefer enabling it in make builds.
(In reply to Franziskus Kiefer [:fkiefer or :franziskus] from comment #1)
> If we want to make this consistent, I'd prefer enabling it in make builds.

It's not a secure default for a library.

It's one thing if an application decides to be insecure by default, but a library should be secure by default.
Franziskus, can you clarify your preference?

We already do disable it in optimized make builds.
Attached patch 1422854-v1.patch
Franziskus, please see the context in bug 1183318, and the release notes for NSS 3.24:
  https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.24_release_notes

"Disable (by default) NSS support in optimized builds for logging SSL/TLS key material to a logfile if the SSLKEYLOGFILE environment variable is set. To enable the functionality in optimized builds, you must define the symbol NSS_ALLOW_SSLKEYLOGFILE when building NSS."

If gyp is enabling it by default, that's a bug, which breaks our earlier announcements for this behavior.
We want to enable this for Firefox (as per that discussion), so any change here would need to be matched with a similar change to the Firefox build configuration.
(In reply to Kai Engert (:kaie:) from comment #2)
> (In reply to Franziskus Kiefer [:fkiefer or :franziskus] from comment #1)
> > If we want to make this consistent, I'd prefer enabling it in make builds.
> 
> It's not a secure default for a library.
> 
> It's one thing if an application decides to be insecure by default, but a
> library should be secure by default.

Except an application can't decide to be insecure by default when the underlying library doesn't allow an override. Or are you suggesting that all applications should build their own NSS?
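The build-time gating described in the quoted NSS 3.24 release note, and the point above that an application cannot override a library that compiled the feature out, shown as an added example that is not NSS source and not part of this bug's patch. `EXAMPLE_DEBUG_BUILD`, the function names and the log file name are assumptions made for illustration; only `NSS_ALLOW_SSLKEYLOGFILE` and `SSLKEYLOGFILE` come from the thread.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for setenv() under strict -std= modes */
#endif
#include <stdio.h>
#include <stdlib.h>

/* Added illustration, not NSS source. Key logging is compiled in only for
 * debug builds (EXAMPLE_DEBUG_BUILD, a hypothetical macro) or when the
 * builder opts in with NSS_ALLOW_SSLKEYLOGFILE, the symbol named in the
 * NSS 3.24 release notes. */
#if defined(EXAMPLE_DEBUG_BUILD) || defined(NSS_ALLOW_SSLKEYLOGFILE)
#define KEYLOG_COMPILED_IN 1
#else
#define KEYLOG_COMPILED_IN 0
#endif

/* Returns 1 if this build contains the key-logging code path at all. */
int keylog_compiled_in(void) { return KEYLOG_COMPILED_IN; }

/* Returns an append-mode handle for the key log, or NULL when logging is
 * compiled out, the variable is unset or empty, or the file cannot be opened. */
FILE *keylog_open_from_env(void)
{
#if KEYLOG_COMPILED_IN
    const char *path = getenv("SSLKEYLOGFILE");
    if (path == NULL || path[0] == '\0')
        return NULL;
    return fopen(path, "a");
#else
    /* The environment is never consulted, so no runtime setting can
     * re-enable logging in this build. */
    return NULL;
#endif
}

int main(void)
{
    /* Constructed file name for the demonstration. */
    setenv("SSLKEYLOGFILE", "keylog-demo.txt", 1);
    FILE *log = keylog_open_from_env();
    printf("compiled in: %d, log handle: %s\n",
           keylog_compiled_in(), log ? "open" : "none");
    if (log)
        fclose(log);
    return 0;
}
```

Compiled with `-DNSS_ALLOW_SSLKEYLOGFILE`, the same program opens the file named by the variable; without it, the variable is ignored.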
Priority: -- → P3
I think, if a platform decides to use a more secure default for a library, then it's reasonable to require that an application rebuilds the library for debugging purposes.
(In reply to Martin Thomson [:mt:] from comment #6)
> We want to enable this for Firefox (as per that discussion), so any change
> here would need to be matched with a similar change to the Firefox build
> configuration.

dveditz, can you weigh in on whether we really want this enabled by default in release builds? It seems pretty sketchy.
Flags: needinfo?(dveditz)
QA Contact: jjones
See Also: → 1515236
> dveditz, can you weigh in on whether we really want this enabled by default in release builds? It seems pretty sketchy.

This was discussed in bug 1188657.
Flags: needinfo?(dveditz)
Severity: normal → S3