Open mmatczuk opened 2 days ago
This makes PaloAlto reject the connection due to ssl_partial_client_hello_incomplete
as described here https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kI0RCAU
I would say that this is caused by X25519Kyber768Draft00. See #67061.
CC @golang/security @FiloSottile
I can confirm that setting GODEBUG=tlskyber=0 sends Client Hello in a single frame.
There is not really much we can do about this. PQ schemes are, generally, large, and using them is likely to cause a client hello to span more than one TCP packet. TLS makes no guarantee that the hello will be a single packet, so this seems like solely a PaloAlto issue. As noted, you can avoid this by disabling the Kyber KEX.
This is a semi-common problem: https://tldr.fail/.
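The point raised above (the hello itself is one TLS record, but a post-quantum key share pushes it past what fits in one TCP segment, roughly 1460 bytes on a typical Ethernet path) can be checked locally. The program below is an added example, not code from this issue or from the Go project: it drives tls.Client over an in-memory net.Pipe, captures the first record the client writes, and reports its length for the default config and for a config whose CurvePreferences name only classical groups (which omits the post-quantum group, the per-Config equivalent of GODEBUG=tlskyber=0 on Go 1.23). The ServerName is a constructed placeholder; no network connection is made.

```go
package main

import (
	"crypto/tls"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"net"
	"time"
)

// HelloInfo describes the first TLS record a Go client writes during a
// handshake: the record payload length (the ClientHello handshake message),
// the record content type (0x16 = handshake) and the handshake message
// type (0x01 = ClientHello).
type HelloInfo struct {
	RecordLen     int
	ContentType   byte
	HandshakeType byte
}

// measureClientHello drives a tls.Client over an in-memory net.Pipe and
// captures the first record it writes. No server exists on the other end;
// the handshake is abandoned as soon as the ClientHello has been read.
func measureClientHello(cfg *tls.Config) (HelloInfo, error) {
	clientEnd, serverEnd := net.Pipe()
	defer serverEnd.Close()

	type capture struct {
		hdr  [5]byte
		body []byte
		err  error
	}
	done := make(chan capture, 1)

	// Reader side: consume the 5-byte record header, then the record body
	// whose length is the big-endian uint16 in header bytes 3..4.
	go func() {
		var c capture
		if _, c.err = io.ReadFull(serverEnd, c.hdr[:]); c.err == nil {
			c.body = make([]byte, binary.BigEndian.Uint16(c.hdr[3:5]))
			_, c.err = io.ReadFull(serverEnd, c.body)
		}
		done <- c
	}()

	// Client side: Handshake writes the ClientHello and then blocks waiting
	// for a ServerHello; closing clientEnd below makes it return an error.
	tc := tls.Client(clientEnd, cfg)
	go func() { _ = tc.Handshake() }()

	select {
	case c := <-done:
		clientEnd.Close()
		if c.err != nil {
			return HelloInfo{}, c.err
		}
		if len(c.body) == 0 {
			return HelloInfo{}, errors.New("empty TLS record")
		}
		return HelloInfo{RecordLen: len(c.body), ContentType: c.hdr[0], HandshakeType: c.body[0]}, nil
	case <-time.After(5 * time.Second):
		clientEnd.Close()
		return HelloInfo{}, errors.New("timed out waiting for ClientHello")
	}
}

// DefaultClientHello measures the hello Go sends with a nil CurvePreferences,
// which on Go 1.23+ advertises the post-quantum hybrid group by default.
func DefaultClientHello() (HelloInfo, error) {
	// "example.invalid" is a constructed placeholder; it is never contacted.
	return measureClientHello(&tls.Config{ServerName: "example.invalid"})
}

// ClassicalClientHello pins CurvePreferences to classical groups only, so no
// post-quantum key share is included in the hello.
func ClassicalClientHello() (HelloInfo, error) {
	return measureClientHello(&tls.Config{
		ServerName:       "example.invalid", // constructed placeholder
		CurvePreferences: []tls.CurveID{tls.X25519, tls.CurveP256},
	})
}

func main() {
	for name, f := range map[string]func() (HelloInfo, error){
		"default":   DefaultClientHello,
		"classical": ClassicalClientHello,
	} {
		h, err := f()
		if err != nil {
			fmt.Printf("%-9s error: %v\n", name, err)
			continue
		}
		fmt.Printf("%-9s ClientHello record: %d bytes (content type 0x%02x, handshake type 0x%02x)\n",
			name, h.RecordLen, h.ContentType, h.HandshakeType)
	}
}
```

On Go 1.22 both numbers are the same few hundred bytes; on Go 1.23+ the default hello is well over a single segment while the classical one is not, which is why the middlebox in this issue only sees the problem after the upgrade. Restricting CurvePreferences gives up the post-quantum key exchange for that Config, so it is a targeted workaround for a specific broken path rather than a global default.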
Go version
go1.23
Output of go env in your module/workspace:
What did you do?
I'm opening a TLS connection with the very basic TLS config attached below
What did you see happen?
I see that the Client Hello is constructed from two frames even if I do not intend to send any ECH data.
What did you expect to see?
Running the same code with Go 1.22 sends Client Hello in a single frame