commit 7943c27406fb
Author: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date:   Thu Jul 28 16:48:00 2016 +0200

    Bug 1290037 - Update keybits in H2, r=mt
    
    MozReview-Commit-ID: 35oWoDMqe1Y
    
    --HG--
    extra : rebase_source : 020fbd93c190131eb04eed2d583787d6e5954a5a
---
 netwerk/protocol/http/Http2Session.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git netwerk/protocol/http/Http2Session.cpp netwerk/protocol/http/Http2Session.cpp
index dbcc1115cbd3..f3cd57304f73 100644
--- netwerk/protocol/http/Http2Session.cpp
+++ netwerk/protocol/http/Http2Session.cpp
@@ -3549,8 +3549,8 @@ Http2Session::ConfirmTLSProfile()
     LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to DH %d < 2048\n",
           this, keybits));
     RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
-  } else if (kea == ssl_kea_ecdh && keybits < 256) { // 256 bits is "security level" of 128
-    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 256\n",
+  } else if (kea == ssl_kea_ecdh && keybits < 224) { // see rfc7540 9.2.1.
+    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 224\n",
           this, keybits));
     RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
   }
