Disable experimental post-quantum key exchange mechanism `X25519Kyber768Draft00` (#4583)

The AWS Provider was upgraded to Go 1.23 in v6.51.0, which introduced a
change to the crypto/tls standard library package. It enabled the
post-quantum key exchange mechanism `X25519Kyber768Draft00` by default.
This experimental key exchange mechanism is causing errors in the AWS
firewall.
As a short-term workaround this change disables the experimental key
exchange mechanism.

Upstream maintainers and AWS are in touch to work on a long-term fix.

Fixes #4573
Relates to #4582
flostadler authored Sep 30, 2024
1 parent a795267 commit 0808d68
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions provider/go.mod
Expand Up @@ -2,6 +2,11 @@ module github.com/pulumi/pulumi-aws/provider/v6

go 1.23.1

// Disable experimental post-quantum key exchange mechanism X25519Kyber768Draft00
// This was causing errors with AWS Network Firewall
// https://github.com/pulumi/pulumi-aws/issues/4582
godebug tlskyber=0

require (
github.com/aws/aws-sdk-go-v2 v1.31.0
github.com/aws/aws-sdk-go-v2/config v1.27.38
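
Review bot: The comment above `godebug tlskyber=0` names only AWS Network Firewall, but a `godebug` line in go.mod sets the default for the whole binary built from this module, so every TLS connection the provider makes stops offering X25519Kyber768Draft00, not just the ones that were failing. The comment should say that, and should also mark the setting as a temporary workaround with the condition for removing it (the commit message calls it short-term pending an upstream fix, but nothing in go.mod does). Consider also referencing the issue this commit fixes (#4573) next to the #4582 link, so a later reader of go.mod can find the original failure report without going through the commit history.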