Add a missing note about the hashes in ssl_compliance_policy_fips_202205 docs See fips202205::kSigAlgs. Change-Id: I1668ad9cb9207193face2a92a7782a59ae2438e1 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/82227 Reviewed-by: Lily Chen <chlily@google.com> Commit-Queue: David Benjamin <davidben@google.com> Commit-Queue: Lily Chen <chlily@google.com> Auto-Submit: David Benjamin <davidben@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 81de2fd..a648f5f 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h
@@ -5966,7 +5966,7 @@ // * For TLS 1.3, only AES-GCM // * P-256 or P-384 for key agreement. // * For server signatures, only PKCS#1/PSS with SHA256/384/512, or ECDSA - // with P-256 or P-384. + // with P-256 or P-384 and SHA256/SHA384. // // Note: this policy can be configured even if BoringSSL has not been built in // FIPS mode. Call |FIPS_mode| to check that.