fix: move godebug directive from go.mod to go.work

DataDog · Mar 3, 2025 · 1d27d53 · 1d27d53
1 parent 0b4f8a7
commit 1d27d53
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 6 deletions.
diff --git a/go.mod b/go.mod
@@ -4,12 +4,6 @@ go 1.23.0
 
 toolchain go1.23.6
 
-// Disable experimental post-quantum key exchange mechanism X25519Kyber768Draft00
-// This was causing errors with AWS Network Firewall
-// See https://github.com/DataDog/datadog-agent/issues/34323 for details.
-// This will be revisited once we update to 1.24.x
-godebug tlskyber=0
-
 // v0.8.0 was tagged long ago, and appared on pkg.go.dev.  We do not want any tagged version
 // to appear there.  The trick to accomplish this is to make a new version (in this case v0.9.0)
 // that retracts itself and the previous version.

diff --git a/go.work b/go.work
@@ -2,6 +2,12 @@ go 1.23.5
 
 toolchain go1.23.6
 
+// Disable experimental post-quantum key exchange mechanism X25519Kyber768Draft00
+// This was causing errors with AWS Network Firewall
+// See https://github.com/DataDog/datadog-agent/issues/34323 for details.
+// This will be revisited once we update to 1.24.x
+godebug tlskyber=0
+
 use (
 	.
 	comp/api/api/def

diff --git a/releasenotes/notes/fix-kyber-firewall-again-8252b095a52698e2.yaml b/releasenotes/notes/fix-kyber-firewall-again-8252b095a52698e2.yaml
@@ -0,0 +1,12 @@
+# Each section from every release note are combined when the
+# CHANGELOG.rst is rendered. So the text needs to be worded so that
+# it does not depend on any information only available in another
+# section. This may mean repeating some details, but each section
+# must be readable independently of the other.
+#
+# Each section note must be formatted as reStructuredText.
+---
+fixes:
+  - |
+    Disable the X25519Kyber768Draft00 key exchange mechanism to avoid issues with
+    firewalls not supporting it, in particular AWS Network Firewall.