Bug 1306003 - Enable P-521, r=ekr,rbarnes
authorMartin Thomson <martin.thomson@gmail.com>
Thu, 29 Sep 2016 10:40:40 +1000
changeset 358562 51cbff25e0179690152ccbead503c3b2da58367e
parent 358561 c634201ba01d846403e692921a44038d2e55817a
child 358563 5bab8ab8cd0302f0e57a95eb995891a1f9fadce8
push id6795
push userjlund@mozilla.com
push dateMon, 23 Jan 2017 14:19:46 +0000
treeherdermozilla-beta@76101b503191 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersekr, rbarnes
bugs1306003
milestone52.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1306003 - Enable P-521, r=ekr,rbarnes MozReview-Commit-ID: 1oF98CACtQV
security/manager/ssl/nsNSSIOLayer.cpp
--- a/security/manager/ssl/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/nsNSSIOLayer.cpp
@@ -2495,17 +2495,17 @@ nsSSLIOLayerSetOptions(PRFileDesc* fd, b
     if (SECSuccess != SSL_SetDowngradeCheckVersion(fd, maxEnabledVersion)) {
       return NS_ERROR_FAILURE;
     }
   }
 
   // Include a modest set of named groups.
   const SSLNamedGroup namedGroups[] = {
     ssl_grp_ec_curve25519, ssl_grp_ec_secp256r1, ssl_grp_ec_secp384r1,
-    ssl_grp_ffdhe_2048, ssl_grp_ffdhe_3072
+    ssl_grp_ec_secp521r1, ssl_grp_ffdhe_2048, ssl_grp_ffdhe_3072
   };
   if (SECSuccess != SSL_NamedGroupConfig(fd, namedGroups,
                                          mozilla::ArrayLength(namedGroups))) {
     return NS_ERROR_FAILURE;
   }
   // This ensures that we send key shares for X25519 and P-256 in TLS 1.3, so
   // that servers are less likely to use HelloRetryRequest.
   if (SECSuccess != SSL_SendAdditionalKeyShares(fd, 2)) {