crypto/tls: segfault when calling tlsrsakex.IncNonDefault()
#65991
Labels
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Go version
go version go1.22.0 linux/amd64
Output of
go env
in your module/workspace:What did you do?
Tried to connect to a postgres DB over TLS using jackc/pgx (see stack trace).
What did you see happen?
A panic when
crypto/tls
callsinternal/godebug.(*Setting).IncNonDefault
:What did you expect to see?
Expected no segfault/panic. Looking at
crypto/tls
, it's my suspicion that, due to having goboring enabled and thus needing FIPS,tlsrsakex.Value()
has not been called whentlsrsakex.IncNonDefault()
is called. This could probably be triggered by having non default.CipherSuites
set as well. Perhaps the underlying issue is that RSA ciphers aren't filtered out offipsCipherSuites()
in the first place, which is what allows the branch withIncNonDefault()
to even be taken.The text was updated successfully, but these errors were encountered: