[packages/seamonkey.git] / seamonkey-nss-http2.patch

https://bugzilla.mozilla.org/show_bug.cgi?id=1290037

--- seamonkey-2.46/mozilla/netwerk/protocol/http/Http2Session.cpp.orig	2016-10-31 21:15:27.000000000 +0100
+++ seamonkey-2.46/mozilla/netwerk/protocol/http/Http2Session.cpp	2017-01-09 17:45:38.639941993 +0100
@@ -3542,8 +3542,8 @@
     LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to DH %d < 2048\n",
           this, keybits));
     RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
-  } else if (kea == ssl_kea_ecdh && keybits < 256) { // 256 bits is "security level" of 128
-    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 256\n",
+  } else if (kea == ssl_kea_ecdh && keybits < 224) { // see rfc7540 9.2.1.
+    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 224\n",
           this, keybits));
     RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
   }
Commit	Line	Data
ceb753a6 JB	1	https://bugzilla.mozilla.org/show_bug.cgi?id=1290037
	2
	3	--- seamonkey-2.46/mozilla/netwerk/protocol/http/Http2Session.cpp.orig 2016-10-31 21:15:27.000000000 +0100
	4	+++ seamonkey-2.46/mozilla/netwerk/protocol/http/Http2Session.cpp 2017-01-09 17:45:38.639941993 +0100
	5	@@ -3542,8 +3542,8 @@
	6	LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to DH %d < 2048\n",
	7	this, keybits));
	8	RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
	9	- } else if (kea == ssl_kea_ecdh && keybits < 256) { // 256 bits is "security level" of 128
	10	- LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 256\n",
	11	+ } else if (kea == ssl_kea_ecdh && keybits < 224) { // see rfc7540 9.2.1.
	12	+ LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 224\n",
	13	this, keybits));
	14	RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
	15	}