tls1.3 hkdf panic in fips only mode

[kruskall]

Microsoft build of Go version

1.24.3

What is your operating system and platform?

linux amd64

Output of go env in your module/workspace:

go env

What did you do?

build a go app spawning an http server with msft go fork, enable tls1.2 and tls1.3, start the app with fips only mode (https://go.dev/doc/security/fips140) and run ssltest to verify tls connectivity

What did you see happen?

failures during TLS 1.3 handshakes:

http: panic serving 127.0.0.1:53768: crypto/hkdf: use of hash functions other than SHA-2 or SHA-3 is not allowed in FIPS 140-only mode
goroutine 71 [running]:
net/http.(*conn).serve.func1()
	net/http/server.go:1947 +0xbe
panic({0x233c6c0?, 0xc000170060?})
	runtime/panic.go:792 +0x132
crypto/tls/internal/tls13.extract[...](0xc000590170?, {0x0?, 0x1?, 0x1?}, {0x0?, 0x0?, 0x0?})
	crypto/tls/internal/tls13/tls13.go:65 +0xbd
crypto/tls/internal/tls13.NewEarlySecret[...](0xc000590170, {0x0, 0x7ff6e9797318?, 0xc000330ca8?})
	crypto/tls/internal/tls13/tls13.go:96 +0x35
crypto/tls.(*serverHandshakeStateTLS13).sendServerParameters(0xc0004457d0)
	crypto/tls/handshake_server_tls13.go:774 +0x419
crypto/tls.(*serverHandshakeStateTLS13).handshake(0xc0004457d0)
	crypto/tls/handshake_server_tls13.go:80 +0x72
crypto/tls.(*Conn).serverHandshake(0xc000366008, {0x2944270, 0xc0000e6140})
	crypto/tls/handshake_server.go:56 +0x19d
crypto/tls.(*Conn).handshakeContext(0xc000366008, {0x2944238, 0xc000368d80})
	crypto/tls/conn.go:1568 +0x36b
crypto/tls.(*Conn).HandshakeContext(...)
	crypto/tls/conn.go:1508
net/http.(*conn).serve(0xc00036c000, {0x2944238, 0xc000182c00})
	net/http/server.go:1971 +0xeb3
created by net/http.(*Server).Serve in goroutine 137
	net/http/server.go:3454 +0x485

What did you expect to see?

TLS 1.3 connection completing without issues

[qmuntal]

Thanks for reporting. We don't currently support FIPS-only mode, see #1656.

Let's keep this issue open to track this specific gap.