Fix for nss-3.28.1: ECDH keybits minimum is 224

--- netwerk/protocol/http/Http2Session.cpp	2016-12-01 23:44:09.000000000 +0100
+++ netwerk/protocol/http/Http2Session.cpp	2017-01-30 20:00:34.461035226 +0100
@@ -3521,8 +3521,8 @@
     LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to DH %d < 2048\n",
           this, keybits));
     RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
-  } else if (kea == ssl_kea_ecdh && keybits < 256) { // 256 bits is "security level" of 128
-    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 256\n",
+  } else if (kea == ssl_kea_ecdh && keybits < 224) { // see rfc7540 9.2.1.
+    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 224\n",
           this, keybits));
     RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
   }