void-packages/srcpkgs/icecat/patches/fix-ecdh_keybits_min_224.patch
2017-01-30 20:41:33 +01:00

15 lines
803 B
Diff

Fix for nss-3.28.1: ECDH keybits minimum is 224
--- netwerk/protocol/http/Http2Session.cpp 2016-12-01 23:44:09.000000000 +0100
+++ netwerk/protocol/http/Http2Session.cpp 2017-01-30 20:00:34.461035226 +0100
@@ -3521,8 +3521,8 @@
LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to DH %d < 2048\n",
this, keybits));
RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
- } else if (kea == ssl_kea_ecdh && keybits < 256) { // 256 bits is "security level" of 128
- LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 256\n",
+ } else if (kea == ssl_kea_ecdh && keybits < 224) { // see rfc7540 9.2.1.
+ LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 224\n",
this, keybits));
RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
}