Mercurial > mozilla-central / changeset / 361ac226da2a83516db8d4e4c5b41a69b3ba754f
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 1290037 - Update keybits in H2, r=mt
authorFranziskus Kiefer <franziskuskiefer@gmail.com>
Thu, 28 Jul 2016 16:48:00 +0200
changeset 308814 361ac226da2a83516db8d4e4c5b41a69b3ba754f
parent 308813 5d5d3ef04f3f77bb95616f56c129256a89f57831
child 308815 40e95a2eb907cf067af00a3c5b126a344b515fdb
push id30550
push usercbook@mozilla.com
push dateWed, 10 Aug 2016 13:55:02 +0000
treeherdermozilla-central@c12bb83ad278 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmt
bugs1290037
milestone51.0a1
first release with
nightly linux32
0502bd9e025e / 51.0a1 / 20160811030201 / files
nightly linux64
0502bd9e025e / 51.0a1 / 20160811030201 / files
nightly mac
0502bd9e025e / 51.0a1 / 20160811030201 / files
nightly win32
0502bd9e025e / 51.0a1 / 20160811030201 / files
nightly win64
0502bd9e025e / 51.0a1 / 20160811030201 / files
last release without
nightly linux32
720b5d2c84d5 / 51.0a1 / 20160809030200 / files
nightly linux64
720b5d2c84d5 / 51.0a1 / 20160809030200 / files
nightly mac
720b5d2c84d5 / 51.0a1 / 20160809030200 / files
nightly win32
720b5d2c84d5 / 51.0a1 / 20160809030200 / files
nightly win64
720b5d2c84d5 / 51.0a1 / 20160809030200 / files
Bug 1290037 - Update keybits in H2, r=mt MozReview-Commit-ID: 35oWoDMqe1Y
netwerk/protocol/http/Http2Session.cpp file | annotate | diff | comparison | revisions 
--- a/netwerk/protocol/http/Http2Session.cpp
+++ b/netwerk/protocol/http/Http2Session.cpp
@@ -3544,18 +3544,18 @@ Http2Session::ConfirmTLSProfile()
     RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
   }
 
   uint32_t keybits = ssl->GetKEAKeyBits();
   if (kea == ssl_kea_dh && keybits < 2048) {
     LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to DH %d < 2048\n",
           this, keybits));
     RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
-  } else if (kea == ssl_kea_ecdh && keybits < 256) { // 256 bits is "security level" of 128
-    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 256\n",
+  } else if (kea == ssl_kea_ecdh && keybits < 224) { // see rfc7540 9.2.1.
+    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 224\n",
           this, keybits));
     RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
   }
 
   int16_t macAlgorithm = ssl->GetMACAlgorithmUsed();
   LOG3(("Http2Session::ConfirmTLSProfile %p MAC Algortihm (aead==6) %d\n",
         this, macAlgorithm));
   if (macAlgorithm != nsISSLSocketControl::SSL_MAC_AEAD) {
mozilla-central
Deployed from 18d8b634a3eb at 2022-06-27T19:41:42Z.