Diffstat (limited to 'www-client/firefox/files/update_h2_curve.patch')
-rw-r--r-- | www-client/firefox/files/update_h2_curve.patch | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/www-client/firefox/files/update_h2_curve.patch b/www-client/firefox/files/update_h2_curve.patch
new file mode 100644
index 0000000..a1f0ffa
--- /dev/null
+++ b/www-client/firefox/files/update_h2_curve.patch
@@ -0,0 +1,30 @@
+From: Franziskus Kiefer <franziskuskiefer@gmail.com>
+
+Update keybits in H2
+
+https://bugzilla.mozilla.org/show_bug.cgi?id=1290037
+
+diff --git a/netwerk/protocol/http/Http2Session.cpp b/netwerk/protocol/http/Http2Session.cpp
+--- a/netwerk/protocol/http/Http2Session.cpp
++++ b/netwerk/protocol/http/Http2Session.cpp
+@@ -3516,18 +3516,18 @@ Http2Session::ConfirmTLSProfile()
+ RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
+ }
+
+ uint32_t keybits = ssl->GetKEAKeyBits();
+ if (kea == ssl_kea_dh && keybits < 2048) {
+ LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to DH %d < 2048\n",
+ this, keybits));
+ RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
+- } else if (kea == ssl_kea_ecdh && keybits < 256) { // 256 bits is "security level" of 128
+- LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 256\n",
++ } else if (kea == ssl_kea_ecdh && keybits < 224) { // see rfc7540 9.2.1.
++ LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 224\n",
+ this, keybits));
+ RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
+ }
+
+ int16_t macAlgorithm = ssl->GetMACAlgorithmUsed();
+ LOG3(("Http2Session::ConfirmTLSProfile %p MAC Algortihm (aead==6) %d\n",
+ this, macAlgorithm));
+ if (macAlgorithm != nsISSLSocketControl::SSL_MAC_AEAD) { |
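Review bot: The patch header added here gives only a title and a bug URL for a change that loosens a TLS check: in the `else if (kea == ssl_kea_ecdh && keybits < 224)` branch the ECDHE floor drops from 256 to 224 key bits, so HTTP/2 sessions that previously ended with INADEQUATE_SECURITY are now accepted. The new inline comment points at RFC 7540 section 9.2.1, but neither it nor the header says why the stricter limit was given up; the file name suggests a curve that reports fewer than 256 bits, which should be confirmed against the linked bug. I would record the reason and the origin in the header, for example `Lowers the HTTP/2 ECDHE minimum from 256 to 224 key bits (RFC 7540 9.2.1)` and `Upstream changeset: <UPSTREAM_CHANGESET_ID>`, so the backport can be compared with upstream and dropped once the packaged version contains it. ConfirmTLSProfile starts and ends outside the hunk, so what else the function enforces is not visible here.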