Add a missing note about the hashes in ssl_compliance_policy_fips_202205 docs See fips202205::kSigAlgs. Change-Id: I1668ad9cb9207193face2a92a7782a59ae2438e1 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/82227 Reviewed-by: Lily Chen <chlily@google.com> Commit-Queue: David Benjamin <davidben@google.com> Commit-Queue: Lily Chen <chlily@google.com> Auto-Submit: David Benjamin <davidben@google.com>

commit: d5e9aa6dcee1ba31bfb6fb5ccebce0044de50f14 [log] [tgz]
author: David Benjamin <davidben@google.com> Thu Sep 25 17:21:17 2025 -0400
committer: Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> Thu Sep 25 16:41:57 2025 -0700
tree: 79d44421385c64f9bd19336fdd497036fc3982e2
parent: f12212bb7348934f82fc84b110b4002c75ab2bdd [diff]
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 81de2fd..a648f5f 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h

@@ -5966,7 +5966,7 @@
   //   * For TLS 1.3, only AES-GCM
   //   * P-256 or P-384 for key agreement.
   //   * For server signatures, only PKCS#1/PSS with SHA256/384/512, or ECDSA
-  //     with P-256 or P-384.
+  //     with P-256 or P-384 and SHA256/SHA384.
   //
   // Note: this policy can be configured even if BoringSSL has not been built in
   // FIPS mode. Call |FIPS_mode| to check that.
commit	d5e9aa6dcee1ba31bfb6fb5ccebce0044de50f14	[log] [tgz]
author	David Benjamin <davidben@google.com>	Thu Sep 25 17:21:17 2025 -0400
committer	Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>	Thu Sep 25 16:41:57 2025 -0700
tree	79d44421385c64f9bd19336fdd497036fc3982e2
parent	f12212bb7348934f82fc84b110b4002c75ab2bdd [diff]