15 lines
803 B
Diff
15 lines
803 B
Diff
Fix for nss-3.28.1: ECDH keybits minimum is 224
|
|
|
|
--- netwerk/protocol/http/Http2Session.cpp 2016-12-01 23:44:09.000000000 +0100
|
|
+++ netwerk/protocol/http/Http2Session.cpp 2017-01-30 20:00:34.461035226 +0100
|
|
@@ -3521,8 +3521,8 @@
|
|
LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to DH %d < 2048\n",
|
|
this, keybits));
|
|
RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
|
|
- } else if (kea == ssl_kea_ecdh && keybits < 256) { // 256 bits is "security level" of 128
|
|
- LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 256\n",
|
|
+ } else if (kea == ssl_kea_ecdh && keybits < 224) { // see rfc7540 9.2.1.
|
|
+ LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 224\n",
|
|
this, keybits));
|
|
RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
|
|
}
|