diff options
author | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2017-01-31 03:12:50 -0300 |
---|---|---|
committer | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2017-01-31 03:13:31 -0300 |
commit | 9ea24798ffde8aa9f4383ce5da52111707eb09ab (patch) | |
tree | 97bc1ac8e8cebd8a531f078056dc432b24d118af /libre/icecat/nss-3.28.patch | |
parent | bcb925b0673684eb0c85b39cd62cdd079ae52656 (diff) | |
download | abslibre-9ea24798ffde8aa9f4383ce5da52111707eb09ab.tar.gz abslibre-9ea24798ffde8aa9f4383ce5da52111707eb09ab.tar.bz2 abslibre-9ea24798ffde8aa9f4383ce5da52111707eb09ab.zip |
icecat-45.5.1_gnu1-4: apply patch for NSS 3.28
Diffstat (limited to 'libre/icecat/nss-3.28.patch')
-rw-r--r-- | libre/icecat/nss-3.28.patch | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/libre/icecat/nss-3.28.patch b/libre/icecat/nss-3.28.patch new file mode 100644 index 000000000..92c1376ae --- /dev/null +++ b/libre/icecat/nss-3.28.patch @@ -0,0 +1,35 @@ + +# HG changeset patch +# User Franziskus Kiefer <franziskuskiefer@gmail.com> +# Date 1469717280 -7200 +# Node ID 361ac226da2a83516db8d4e4c5b41a69b3ba754f +# Parent 5d5d3ef04f3f77bb95616f56c129256a89f57831 +Bug 1290037 - Update keybits in H2, r=mt + +MozReview-Commit-ID: 35oWoDMqe1Y + +diff --git a/netwerk/protocol/http/Http2Session.cpp b/netwerk/protocol/http/Http2Session.cpp +--- a/netwerk/protocol/http/Http2Session.cpp ++++ b/netwerk/protocol/http/Http2Session.cpp +@@ -3544,18 +3544,18 @@ Http2Session::ConfirmTLSProfile() + RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY); + } + + uint32_t keybits = ssl->GetKEAKeyBits(); + if (kea == ssl_kea_dh && keybits < 2048) { + LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to DH %d < 2048\n", + this, keybits)); + RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY); +- } else if (kea == ssl_kea_ecdh && keybits < 256) { // 256 bits is "security level" of 128 +- LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 256\n", ++ } else if (kea == ssl_kea_ecdh && keybits < 224) { // see rfc7540 9.2.1. ++ LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 224\n", + this, keybits)); + RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY); + } + + int16_t macAlgorithm = ssl->GetMACAlgorithmUsed(); + LOG3(("Http2Session::ConfirmTLSProfile %p MAC Algortihm (aead==6) %d\n", + this, macAlgorithm)); + if (macAlgorithm != nsISSLSocketControl::SSL_MAC_AEAD) { + |