Skip to content

Commit 2a4f7d7

Browse files
committed
[restapi] Disable TLS session tickets to fix FIPS AES-128-CTR panic
When restapi is built with the FIPS-patched Go toolchain and the SymCrypt OpenSSL provider is the active FIPS provider, the first HTTPS request panics during the TLS 1.3 handshake: http: panic serving X.X.X.X: crypto/cipher: unsupported cipher: AES-128 vendor/github.com/golang-fips/openssl/v2.newCipherCtx vendor/github.com/golang-fips/openssl/v2.(*aesCipher).NewCTR crypto/cipher.NewCTR crypto/tls.(*serverHandshakeStateTLS13).sendSessionTickets Go's TLS 1.3 server uses AES-128-CTR to encrypt NewSessionTicket payloads. golang-fips/openssl/v2 routes the cipher allocation to OpenSSL's EVP_CIPHER_fetch, and the SymCrypt FIPS provider does not implement AES-128-CTR, so the fetch returns NULL and the binding panics. Set SessionTicketsDisabled: true on the HTTPS server's tls.Config. Session resumption via tickets is not load-bearing for the management REST API; TLS handshakes still complete normally and just go through a full handshake every time rather than resuming.
1 parent 5224ef4 commit 2a4f7d7

1 file changed

Lines changed: 4 additions & 0 deletions

File tree

go-server-server/main.go

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -50,6 +50,10 @@ func StartHttpsServer(handler http.Handler, messenger <-chan int, wgroup *sync.W
5050
// RequireAndVerifyClientCert
5151
ClientAuth: tls.RequireAndVerifyClientCert,
5252
MinVersion: tls.VersionTLS12,
53+
// Disable TLS session tickets to avoid an AES-128-CTR
54+
// panic in golang-fips/openssl/v2 with the SymCrypt
55+
// FIPS provider (which does not implement AES-128-CTR).
56+
SessionTicketsDisabled: true,
5357
}
5458
tlsConfig.BuildNameToCertificate()
5559

0 commit comments

Comments
 (0)