You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The experimental post-quantum key exchange mechanism X25519Kyber768Draft00 is now enabled by default when Config.CurvePreferences is nil. The default can be reverted by adding tlskyber=0 to the GODEBUG environment variable.
This experimental key exchange mechanism seems to trip up the AWS firewall.
The upstream provider was affected by this same problem. They fixed it by disabling this experimental key exchange mechanism.
We should do the same on our end as a short term workaround.
The upstream maintainers are already in touch with AWS for a long-term fix.
The text was updated successfully, but these errors were encountered:
…768Draft00` (#4583)
The AWS Provider was upgraded to Go 1.23 in v6.51.0, which introduced a
change
to the crypto/tls standard library package. It enabled the post-quantum
key exchange mechanism `X25519Kyber768Draft00` by default. This
experimental key
exchange mechanism is causing errors in the AWS firewall.
As a short term workaround this change disables the experimental key
exchange mechanism.
Upstream maintainers and AWS are in touch to work on a long-term fix.
Fixes#4573
Relates to #4582
The AWS Provider was upgraded to Go 1.23 in v6.51.0, which introduced a minor change to the crypto/tls standard library package:
This experimental key exchange mechanism seems to trip up the AWS firewall.
The upstream provider was affected by this same problem. They fixed it by disabling this experimental key exchange mechanism.
We should do the same on our end as a short term workaround.
The upstream maintainers are already in touch with AWS for a long-term fix.
The text was updated successfully, but these errors were encountered: