-
Notifications
You must be signed in to change notification settings - Fork 18.4k
Closed as not planned
@xduwyy Output of
Description
Go version
go version go1.25.0 linux/amd64
Output of go env in your module/workspace:
AR='ar' CC='gcc' CGO_CFLAGS='-O2 -g' CGO_CPPFLAGS='' CGO_CXXFLAGS='-O2 -g' CGO_ENABLED='1' CGO_FFLAGS='-O2 -g' CGO_LDFLAGS='-O2 -g' CXX='g++' GCCGO='gccgo' GO111MODULE='' GOAMD64='v1' GOARCH='amd64' GOAUTH='netrc' GOBIN='' GOCACHE='/home/dummy/.cache/go-build' GOCACHEPROG='' GODEBUG='fips140=only' GOENV='/home/dummy/.config/go/env' GOEXE='' GOEXPERIMENT='' GOFIPS140='off' GOFLAGS='' GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build3735951820=/tmp/go-build -gno-record-gcc-switches' GOHOSTARCH='amd64' GOHOSTOS='linux' GOINSECURE='' GOMOD='/dev/null' GOMODCACHE='/home/dummy/go/pkg/mod' GONOPROXY='' GONOSUMDB='' GOOS='linux' GOPATH='/home/dummy/go' GOPRIVATE='' GOPROXY='https://proxy.golang.org,direct' GOROOT='/usr/local/go' GOSUMDB='sum.golang.org' GOTELEMETRY='local' GOTELEMETRYDIR='/home/dummy/.config/go/telemetry' GOTMPDIR='' GOTOOLCHAIN='auto' GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64' GOVCS='' GOVERSION='go1.25.0' GOWORK='' PKG_CONFIG='pkg-config' GOROOT/bin/go version: go version go1.25.0 linux/amd64 GOROOT/bin/go tool compile -V: compile version go1.25.0 uname -sr: Linux 5.15.0-97-generic Distributor ID: Ubuntu Description: Ubuntu 22.04.5 LTS Release: 22.04 Codename: jammy /lib/x86_64-linux-gnu/libc.so.6: GNU C Library (Ubuntu GLIBC 2.35-0ubuntu3.8) stable release version 2.35. gdb --version: GNU gdb (Ubuntu 12.1-0ubuntu1~22.04.2) 12.1 </pre></details>
What did you do?
package main
import (
"crypto/tls"
"fmt"
"io"
"net/http"
)
func main() {
tlsConfig := &tls.Config{}
transport := &http.Transport{
TLSClientConfig: tlsConfig,
}
client := &http.Client{Transport: transport}
resp, err := client.Get("https://bing.com:443")
if err != nil {
panic("failed to connect: " + err.Error())
}
defer resp.Body.Close()
content, err := io.ReadAll(resp.Body)
if err != nil {
panic("failed to read: " + err.Error())
}
fmt.Println(string(content))
}
What did you see happen?
For the above test code:
$ export GODEBUG="fips140=only"; go run test.go
panic: failed to connect: Get "https://bing.com:443": crypto/ecdh: use of X25519 is not allowed in FIPS 140-only mode
goroutine 1 [running]:
main.main()
/home/dummy/code/test.go:20 +0x226
exit status 2
What did you expect to see?
The test code works in Go 1.24.6. But the use of X25519 is not allowed in FIPS 140-only mode in Go 1.24.6 already https://cs.opensource.google/go/go/+/refs/tags/go1.24.6:src/crypto/ecdh/x25519.go .
How should we understand this behavioral change? What should we do to make the above test code can run in the fips140=only mode?
Metadata
Metadata
Assignees
Labels
No labels