Bug 1290037 - Update keybits in H2, r=mt

MozReview-Commit-ID: 35oWoDMqe1Y --HG-- extra : rebase_source : 020fbd93c190131eb04eed2d583787d6e5954a5a
2025-01-18 17:02:01 +00:00 · 2016-07-28 16:48:00 +02:00 · 2016-07-28 16:48:00 +02:00 · 7943c27406
commit 7943c27406
parent 30cadf6976
1 changed files with 2 additions and 2 deletions
--- a/netwerk/protocol/http/Http2Session.cpp
+++ b/netwerk/protocol/http/Http2Session.cpp
@ -3549,8 +3549,8 @@ Http2Session::ConfirmTLSProfile()
    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to DH %d < 2048\n",
          this, keybits));
    RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
-  } else if (kea == ssl_kea_ecdh && keybits < 256) { // 256 bits is "security level" of 128
-    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 256\n",
+  } else if (kea == ssl_kea_ecdh && keybits < 224) { // see rfc7540 9.2.1.
+    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 224\n",
          this, keybits));
    RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
  }