tls1.3 ctr panic in fips only mode

[kruskall]

Microsoft build of Go version

1.24.3

What is your operating system and platform?

linux amd64

Output of go env in your module/workspace:

go env

What did you do?

build a go app spawning an http server with msft go fork, enable tls1.2 and tls1.3, start the app with fips only mode (https://go.dev/doc/security/fips140) and run ssltest to verify tls connectivity

What did you see happen?

panic during tls 1.3 handshakes:

http: panic serving 127.0.0.1:53824: crypto/cipher: use of CTR with non-AES ciphers is not allowed in FIPS 140-only mode
goroutine 143 [running]:
net/http.(*conn).serve.func1()
	net/http/server.go:1947 +0xbe
panic({0x227f400?, 0x2925430?})
	runtime/panic.go:792 +0x132
crypto/cipher.NewCTR({0x2940c70?, 0xc00019f1a0?}, {0xc000131100, 0x10, 0x79?})
	crypto/cipher/ctr.go:46 +0x429
crypto/tls.(*Config).encryptTicket(0xc0003b2d20, {0xc000131080, 0x49, 0x80}, {0xc000174180, 0x10cb662?, 0xc000308790?})
	crypto/tls/ticket.go:339 +0x1e8
crypto/tls.(*serverHandshakeState).sendSessionTicket(0xc000308750)
	crypto/tls/handshake_server.go:873 +0x1c5
crypto/tls.(*serverHandshakeState).handshake(0xc000308750)
	crypto/tls/handshake_server.go:125 +0x319
crypto/tls.(*Conn).serverHandshake(0xc00026dc08, {0x2944270, 0xc000340640})
	crypto/tls/handshake_server.go:64 +0x111
crypto/tls.(*Conn).handshakeContext(0xc00026dc08, {0x2944238, 0xc0004046f0})
	crypto/tls/conn.go:1568 +0x36b
crypto/tls.(*Conn).HandshakeContext(...)
	crypto/tls/conn.go:1508
net/http.(*conn).serve(0xc0001cebd0, {0x2944238, 0xc000182c00})
	net/http/server.go:1971 +0xeb3
created by net/http.(*Server).Serve in goroutine 137
	net/http/server.go:3454 +0x485

What did you expect to see?

TLS 1.3 connection completing without issues

[qmuntal]

Thanks for reporting. We don't currently support FIPS-only mode, see #1656.

Let's keep this issue open to track this specific gap.