[dev.boringcrypto] all: merge commit
9d0819b27c (CL 314609) into dev.boringcrypto
There used to be two BoringCrypto-specific behaviors related to cipher
suites in crypto/tls:
1. in FIPS-only mode, only a restricted set of AES ciphers is allowed
2. NOT in FIPS-only mode, AES would be prioritized over ChaCha20 even if
AES hardware was not available
The motivation of (2) is unclear, and BoringSSL doesn't have equivalent
logic. This merge drops (2), and keeps (1). Note that the list of
FIPS-only ciphers does not have priority semantics anymore, but the
default logic still sorts them the same way as they used to be.
Change-Id: I50544011085cfa2b087f323aebf5338c0bd2dd33