[8.15] (backport #20880) docs: add 8.14 TLS 1.2 RSA handshake breaking change#20889
Merged
mergify[bot] merged 1 commit into8.15from Apr 15, 2026
Merged
[8.15] (backport #20880) docs: add 8.14 TLS 1.2 RSA handshake breaking change#20889mergify[bot] merged 1 commit into8.15from
mergify[bot] merged 1 commit into8.15from
Conversation
* docs: add 8.14 TLS 1.2 RSA handshake breaking change note Document that TLS 1.2 RSA key exchange cipher negotiation can fail at runtime in 8.14+ due to Go 1.22 defaults, and include the GODEBUG workaround. Made-with: Cursor * docs: add breaking change entry to 8.14 release notes Add a dedicated Breaking Changes section to 8.14.0 release notes documenting TLS 1.2 RSA key exchange runtime handshake failures and the GODEBUG workaround. Made-with: Cursor * docs: reorder 8.14 breaking change section Move the 8.14 breaking changes block ahead of 8.11 to keep release sections in descending version order. Made-with: Cursor * docs: align 8.14 breaking-change format with existing style Reformat the 8.14 all-breaking-changes entry to use the standard bullet-and-details style used by nearby 8.x sections. Made-with: Cursor (cherry picked from commit 0605cf3)
Contributor
🤖 GitHub commentsJust comment with:
|
2 tasks
carsonip
approved these changes
Apr 14, 2026
Contributor
Author
Merge Queue Status
This pull request spent 1 day 2 hours 2 minutes 5 seconds in the queue, including 1 day 2 hours 1 minute 38 seconds running CI. Required conditions to merge
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation/summary
This PR documents a TLS behavior change introduced with the Go 1.22 toolchain that first landed in APM Server 8.14.0.
It adds a user-facing breaking-change note in two places:
changelogs/8.14.asciidocunder the8.14.0release section (==== Breaking Changes)changelogs/all-breaking-changes.asciidocunder the=== 8.14sectionThe note explains that TLS 1.2 handshakes with RSA key exchange ciphers can fail at runtime even when startup succeeds, and documents the temporary workaround: set
GODEBUG=tlsrsakex=1on the APM Server process.Checklist
How to test these changes
changelogs/8.14.asciidocand verifyAPM version 8.14.0includes a==== Breaking Changessubsection describing this TLS behavior and workaround.changelogs/all-breaking-changes.asciidocand verify the=== 8.14section exists in correct descending order before=== 8.11.GODEBUG=tlsrsakex=1and reference issue#20879.#20879.Related issues
Fixes #20877
Related: #20879
This is an automatic backport of pull request #20880 done by Mergify.