On Thu, Sep 12, 2019 at 5:50 PM Henri Sivonen <hsivo...@mozilla.com> wrote:
> Do we know what the situation looks like for connections to RFC 1918 > addresses? > That's a hard one to even speculate about, and that's all we really have there. Our telemetry doesn't really allow us to gain insight into that. The big question being enterprise uses, where there is some chance of having names on servers in private address space. Most use of 1918 outside of enterprise is likely still unsecured entirely. > What expectations are there for being able to remove the code from NSS? > Pretty low in any reasonable time frame. The use of new NSS releases in old versions of RHEL and their very long support cycles means that Red Hat are reluctant to have code removed. We still have SSLv3 code hanging around and will likely have that for a few more years. That said, there is a lot of shared code between SSLv3, TLS 1.0, TLS 1.1, and TLS 1.2. There isn't a whole lot to gain from trying to take any one of those versions out of the code, because there isn't that much to remove. _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
