Revert "crypto/internal/boring: upgrade module to fips-20220613" +1

This reverts commit 7383b2a4db ("crypto/internal/boring: upgrade module to fips-20220613") and commit 4106de901a ("crypto/tls: align FIPS-only mode with BoringSSL policy"). Fixes #65321 Updates #64717 Updates #62372 Change-Id: I0938b97e5b4904e6532448b8ae76e920d03d0508 Reviewed-on: https://go-review.googlesource.com/c/go/+/558796 Reviewed-by: Michael Knyszek <mknyszek@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
2025-12-08 06:10:04 +00:00 · 2024-01-26 23:22:45 +01:00 · 2024-01-26 23:22:45 +01:00 · 09b5de48e6
commit 09b5de48e6
parent b6d1eb750f
19 changed files with 73 additions and 156 deletions
--- a/src/crypto/tls/handshake_client.go
+++ b/src/crypto/tls/handshake_client.go
@ -139,9 +139,7 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *ecdh.PrivateKey, error) {
 		if len(hello.supportedVersions) == 1 {
 			hello.cipherSuites = nil
 		}
-		if needFIPS() {
-			hello.cipherSuites = append(hello.cipherSuites, defaultCipherSuitesTLS13FIPS...)
-		} else if hasAESGCMHardwareSupport {
+		if hasAESGCMHardwareSupport {
 			hello.cipherSuites = append(hello.cipherSuites, defaultCipherSuitesTLS13...)
 		} else {
 			hello.cipherSuites = append(hello.cipherSuites, defaultCipherSuitesTLS13NoAES...)