Temporarily restore SHA256 and SHA384 cipher suite aliases.
https://boringssl-review.googlesource.com/27944 inadvertently caused SHA256 and SHA384 aliases to be rejected in SSL_CTX_set_strict_cipher_list. While this is the desired end state, in case the removal needs to be reverted, we should probably defer this to post-removal cleanup. Otherwise we might update someone's "ALL:!SHA256" cipher string to account for the removal, and then revert the removal underneath them. Change-Id: Id516a27a2ecefb5871485d0ae18067b5bbb536bb Reviewed-on: https://boringssl-review.googlesource.com/28004 Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
parent
b95d4b4cb3
commit
0ca921431a
@ -547,6 +547,11 @@ static const CIPHER_ALIAS kCipherAliases[] = {
|
|||||||
// Legacy strength classes.
|
// Legacy strength classes.
|
||||||
{"HIGH", ~0u, ~0u, ~0u, ~0u, 0},
|
{"HIGH", ~0u, ~0u, ~0u, ~0u, 0},
|
||||||
{"FIPS", ~0u, ~0u, ~0u, ~0u, 0},
|
{"FIPS", ~0u, ~0u, ~0u, ~0u, 0},
|
||||||
|
|
||||||
|
// Temporary no-op aliases corresponding to removed SHA-2 legacy CBC
|
||||||
|
// ciphers. These should be removed after 2018-05-14.
|
||||||
|
{"SHA256", 0, 0, 0, 0, 0},
|
||||||
|
{"SHA384", 0, 0, 0, 0, 0},
|
||||||
};
|
};
|
||||||
|
|
||||||
static const size_t kCipherAliasesLen = OPENSSL_ARRAY_SIZE(kCipherAliases);
|
static const size_t kCipherAliasesLen = OPENSSL_ARRAY_SIZE(kCipherAliases);
|
||||||
|
Loading…
Reference in New Issue
Block a user