Go 1.23: Additional key exchange mechanism X25519Kyber768Draft00 causes AWS Network Firewall to drop packets #4663
Labels
type/bug
Something isn't working
Comments
|
Thanks for the heads up. Hopefully go fixes this before our next release. If not we can review how much pain its causing our users and use the linked fix. 🙏 |
|
It also doesnt appear that we can just swap the S3 bucket endpoint, since the helm chart deployments dont appear? to actually allow doing so. We found a way to work around this in the AWS Firewall Needs to be present on all your TLS rules. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
Go 1.23 introduces a small change: https://tip.golang.org/doc/go1.23#cryptotlspkgcryptotls
This actually stops go apps from working behind the AWS Network firewall
To Reproduce
A really good explanation here: hashicorp/terraform-provider-aws#39311
Expected behavior
TLS Traffic flows through firewall
Environment:
AWS Gov Cloud behind AWS Network FIrewall
Additional Context
I believe it can be mitigated with: https://github.com/hashicorp/terraform-provider-aws/pull/39432/files#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6R7
The text was updated successfully, but these errors were encountered: