Description
This update is regarding a change in Go 1.25 to reject TLS 1.2 handshake without extended master secret (EMS) when FIPS mode is enabled. Starting AKS v1.34, kubernetes control plane components are built with Go 1.25 and FIPS‑validated cryptographic modules, which enforce EMS for TLS 1.2 connections on FIPS nodes.
When FIPS mode is active, TLS 1.2 handshakes that do not include the EMS extension are rejected. This enforcement applies to both TLS clients and servers implemented using the Go standard library. Prior to Go 1.21, Go TLS clients did not send the EMS extension by default for TLS 1.2 connections. As a result, applications built with older Go versions (Go <1.21) may fail to establish TLS connections to FIPS‑enabled AKS components after upgrading to AKS v1.34. This behavior can affect:
- Client applications communicating with the Kubernetes API server
- Admission webhooks and other webhook servers registered with the kube‑apiserver
References
Affected Components
- AKS Cluster v1.34 if your applications are built with Go < 1.21
Resolutions
- Rebuild applications using Go 1.21 or later
- Microsoft strongly recommends upgrading to a currently supported Go version
Description
This update is regarding a change in Go 1.25 to reject TLS 1.2 handshake without extended master secret (EMS) when FIPS mode is enabled. Starting AKS v1.34, kubernetes control plane components are built with Go 1.25 and FIPS‑validated cryptographic modules, which enforce EMS for TLS 1.2 connections on FIPS nodes.
When FIPS mode is active, TLS 1.2 handshakes that do not include the EMS extension are rejected. This enforcement applies to both TLS clients and servers implemented using the Go standard library. Prior to Go 1.21, Go TLS clients did not send the EMS extension by default for TLS 1.2 connections. As a result, applications built with older Go versions (Go <1.21) may fail to establish TLS connections to FIPS‑enabled AKS components after upgrading to AKS v1.34. This behavior can affect:
References
Affected Components
Resolutions