Temporarily restore SHA256 and SHA384 cipher suite aliases. https://boringssl-review.googlesource.com/27944 inadvertently caused SHA256 and SHA384 aliases to be rejected in SSL_CTX_set_strict_cipher_list. While this is the desired end state, in case the removal needs to be reverted, we should probably defer this to post-removal cleanup. Otherwise we might update someone's "ALL:!SHA256" cipher string to account for the removal, and then revert the removal underneath them. Change-Id: Id516a27a2ecefb5871485d0ae18067b5bbb536bb Reviewed-on: https://boringssl-review.googlesource.com/28004 Reviewed-by: Adam Langley <agl@google.com>

commit: 0ca921431ae778eaed28c18fec09c09b31f03290 [log] [tgz]
author: David Benjamin <davidben@google.com> Thu May 03 11:35:10 2018 -0400
committer: Adam Langley <agl@google.com> Thu May 03 15:48:50 2018 +0000
tree: d31bcf96f9928f2d89c2721ea137d7e6a05a2ad6
parent: b95d4b4cb33fe9e84e0917772469530a552913f0 [diff]
diff --git a/ssl/ssl_cipher.cc b/ssl/ssl_cipher.cc
index c42a420..8536f89 100644
--- a/ssl/ssl_cipher.cc
+++ b/ssl/ssl_cipher.cc

@@ -547,6 +547,11 @@
     // Legacy strength classes.
     {"HIGH", ~0u, ~0u, ~0u, ~0u, 0},
     {"FIPS", ~0u, ~0u, ~0u, ~0u, 0},
+
+    // Temporary no-op aliases corresponding to removed SHA-2 legacy CBC
+    // ciphers. These should be removed after 2018-05-14.
+    {"SHA256", 0, 0, 0, 0, 0},
+    {"SHA384", 0, 0, 0, 0, 0},
 };
 
 static const size_t kCipherAliasesLen = OPENSSL_ARRAY_SIZE(kCipherAliases);
commit	0ca921431ae778eaed28c18fec09c09b31f03290	[log] [tgz]
author	David Benjamin <davidben@google.com>	Thu May 03 11:35:10 2018 -0400
committer	Adam Langley <agl@google.com>	Thu May 03 15:48:50 2018 +0000
tree	d31bcf96f9928f2d89c2721ea137d7e6a05a2ad6
parent	b95d4b4cb33fe9e84e0917772469530a552913f0 [diff]