NSS 3.28 and Mozilla code version 50 or older, HTTP/2 failures

Kai Engert-4
HTTP/2 code in Firefox versions between 32 and 50 (inclusive)
contains a bug which enforces an incorrect minimum key size for ECDH
of 256 bits.  This bug is fixed in Firefox 51 (see
<https://bugzilla.mozilla.org/show_bug.cgi?id=1290037>).

NSS 3.28 introduces a new ECDH key exchange with a key size of 255
bits, which - if negotiated - will cause Firefox versions 32 through
50 to incorrectly reject the connection.

If you intend to use NSS 3.28 with Firefox 50 or older, you should
apply the patch used for Firefox 51:
<https://hg.mozilla.org/mozilla-central/rev/361ac226da2a>.  This patch
has recently been added to the Firefox 45 ESR branch.

This issue affects all software that uses the Gecko platform.


Thanks to Martin Thomson for helping with this text.
Kai

--
dev-tech-crypto mailing list
https://lists.mozilla.org/listinfo/dev-tech-crypto