HTTP/2 code in Firefox versions between 32 and 50 (inclusive), contains a bug which enforces an incorrect minimum key size for ECDH of 256 bits. This bug is fixed in Firefox 51 (see <https://bugzilla.mozilla.org/show_bug.cgi?id=1290037>).
NSS 3.28 introduces a new ECDH key exchange with a key size of 255 bits, which - if negotiated - will cause versions Firefox 32 through 50 to incorrectly reject the connection. If you intend to use NSS 3.28 with Firefox 50 or older, you should apply the patch used for Firefox 51: <https://hg.mozilla.org/mozilla-central/rev/361ac226da2a> This patch has recently been added to the Firefox 45 ESR branch. This issue affects all software that uses the gecko platform. Thanks to Martin Thomson for helping with this text. Kai -- dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
