)]}'
{
  "commit": "90f0f05cca750b74c29c4ae8ee1ed800effa23c0",
  "tree": "890398b91515ee987aea1fdb6637047cd45eb537",
  "parents": [
    "3f119b7f774900ce22e9b65068e10aa7bdc7fd91"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Mon Feb 12 14:48:31 2024 -0500"
  },
  "committer": {
    "name": "Boringssl LUCI CQ",
    "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com",
    "time": "Wed Feb 21 17:36:52 2024 +0000"
  },
  "message": "Integrate TLS 1.2 sigalg and cipher suite selection\n\nIn TLS 1.2, cipher suite negotiation is tied up with a ton of other\ndecisions. Even though both sides have an ECDHE_RSA cipher in common, it\nmay not work because there isn\u0027t a common ECDHE curve or sigalg. In that\ncase, ideally we would consider a non-ECDHE_RSA cipher suite, notably\none of the legacy RSA key exchange ciphers.\n\nIf there is no ECDHE curve common, we already did this. However, if\nthere was no sigalg in common, we would fail the connection rather than\nconsider RSA key exchange.\n\nGiving this case a lifetime would normally be unimportant as RSA key\nexchange is thoroughly deprecated, but the SSL_CREDENTIAL work will need\nto consider signature algorithm matches, at which point we\u0027ll pick up\nbehavior like this anyway. So I\u0027m implementing it separately here just\nto get the behavior change out of the way.\n\nUpdate-Note: TLS 1.2 servers will now consider RSA key exchange when the\nsignature algorithm portion of ECDHE_RSA fails. Previously, the\nconnection would just fail. This change will not impact any connections\nthat previously succeeded, only make some previously failing connections\nstart to succeed. It also changes the error returned in some cases from\nNO_COMMON_SIGNATURE_ALGORITHMS to NO_SHARED_CIPHER.\n\nBug: 249\nChange-Id: I4a70036756ea998f38ea155f208e8122bf9a5b44\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/66368\nReviewed-by: Bob Beck \u003cbbe@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "cffa52d88b3bbf2a1da366242eeca23eac25dab6",
      "old_mode": 33188,
      "old_path": "ssl/handshake_server.cc",
      "new_id": "7c84ef8324d6cf864f4bd488d3261ba2dc3ec08b",
      "new_mode": 33188,
      "new_path": "ssl/handshake_server.cc"
    },
    {
      "type": "modify",
      "old_id": "2896a329275be0a693e349b77a0d3f31cab15a6f",
      "old_mode": 33188,
      "old_path": "ssl/internal.h",
      "new_id": "f1d02a0fbc7e8627131fa2c8c3ae10fb9366de00",
      "new_mode": 33188,
      "new_path": "ssl/internal.h"
    },
    {
      "type": "modify",
      "old_id": "6c6ae7b9eb8d0fbac92d8ab14d9ec1ec12e80d47",
      "old_mode": 33188,
      "old_path": "ssl/ssl_cert.cc",
      "new_id": "9c403291ac34c344a0a926052ddaf35465778f0f",
      "new_mode": 33188,
      "new_path": "ssl/ssl_cert.cc"
    },
    {
      "type": "modify",
      "old_id": "fd8cef95d513aa0d13d6c90cef40a7ee43ce9f5b",
      "old_mode": 33188,
      "old_path": "ssl/ssl_cipher.cc",
      "new_id": "29e32ceb272472cc0235f728de76d2c1a2b5e36d",
      "new_mode": 33188,
      "new_path": "ssl/ssl_cipher.cc"
    },
    {
      "type": "modify",
      "old_id": "cfccdcb6a8c0c5f8a1c53c94a950789cd8784c44",
      "old_mode": 33188,
      "old_path": "ssl/test/runner/runner.go",
      "new_id": "8ddb590983af6e87c36bc0d0c2fe9524f0941356",
      "new_mode": 33188,
      "new_path": "ssl/test/runner/runner.go"
    }
  ]
}