Component(s)
No response
Describe the issue you're reporting
Running the config/confighttp.TestHttpReception unit test with GODEBUG=fips140=only exposes any calls (direct or indirect) to non-FIPS140-compliant algorithms.
Such calls may be made by the test's code or from collector code exercised by the test. Also, the calls may be true positives or false positives (e.g. using md5, which is not FIPS140-compliant for cryptographic uses, in a non-cryptographic context, e.g. hashing for checksums). Depending on where the calls are being made from (test code or collector code) and whether they're true or false positives, we may need to either a) provide an alternative implementation — using the requirefips build tag — for the calls with ones to FIPS-compliant algorithms, b) skip the test when GODEBUG=fips140=only (should be done only if the calls are being made from the test code itself), or c) disable the code paths leading to the calls when the module is built with the requirefips build tag and document this (least preferred option).
Related to #13925 and #13926.
Steps to reproduce
- Make sure Go version is >= 1.24.6.
$ go version
go version go1.25.1 darwin/arm64
- Run the confighttp.TestHttpReception unit test with GODEBUG=fips140=only.
$ cd config/confighttp/
$ GODEBUG=fips140=only go test ./... -test.run TestHttpReception
Observed output
=== RUN TestHttpReception
=== RUN TestHttpReception/noTLS
=== RUN TestHttpReception/TLS
server_test.go:267:
Error Trace: /Users/shaunak/development/github/opentelemetry-collector/config/confighttp/server_test.go:267
Error: Received unexpected error:
Get "https://127.0.0.1:64516": crypto/ecdh: use of X25519 is not allowed in FIPS 140-only mode
Test: TestHttpReception/TLS
=== RUN TestHttpReception/TLS_(HTTP/1.1)
server_test.go:267:
Error Trace: /Users/shaunak/development/github/opentelemetry-collector/config/confighttp/server_test.go:267
Error: Received unexpected error:
Get "https://127.0.0.1:64518": crypto/ecdh: use of X25519 is not allowed in FIPS 140-only mode
Test: TestHttpReception/TLS_(HTTP/1.1)
=== RUN TestHttpReception/NoServerCertificates
=== RUN TestHttpReception/mTLS
server_test.go:267:
Error Trace: /Users/shaunak/development/github/opentelemetry-collector/config/confighttp/server_test.go:267
Error: Received unexpected error:
Get "https://127.0.0.1:64522": crypto/ecdh: use of X25519 is not allowed in FIPS 140-only mode
Test: TestHttpReception/mTLS
=== RUN TestHttpReception/NoClientCertificate
=== RUN TestHttpReception/WrongClientCA
--- FAIL: TestHttpReception (0.03s)
--- PASS: TestHttpReception/noTLS (0.00s)
--- FAIL: TestHttpReception/TLS (0.01s)
--- FAIL: TestHttpReception/TLS_(HTTP/1.1) (0.00s)
--- PASS: TestHttpReception/NoServerCertificates (0.00s)
--- FAIL: TestHttpReception/mTLS (0.01s)
--- PASS: TestHttpReception/NoClientCertificate (0.00s)
--- PASS: TestHttpReception/WrongClientCA (0.00s)
FAIL
FAIL go.opentelemetry.io/collector/config/confighttp 0.421s
? go.opentelemetry.io/collector/config/confighttp/internal [no test files]
FAIL