Everywhere that makes a TLS connection from what I can see.
I just set the Go version to 1.22 in go.mod. I didn't test any other functionality, so I wouldn't rely on it working as expected.
The real fix here is getting people to configure their networks correctly, but that's obviously not a realistic goal. One thing that would probably vastly reduce the likelihood of these things is if Canonical's servers didn't advertise that they accept jumbo frames in the TCP handshake.
My understanding is that, essentially, if ingress and egress for public APIs is done over interfaces with a 1500 MTU, this should be safe even if the end user has a botched configuration. This is because then the TCP handshake would ensure clients don't attempt to send jumbo frames and Canonical's API servers wouldn't send jumbo frames back to them either, so we don't have to rely on ICMP doing its magic unimpeded, and we don't have to hope PMTUD works as intended.
So, I'll let @awnns tell you the full story - but setting the MTU to 1500 on the controller machines explicitly stabilizes the situation. It took us about 2,5 weeks to get unblocked on this. Such a nightmare.
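
The MSS reasoning in the posts above, modelled as an added example that is not part of the original thread and is not code from any project discussed in it. It assumes IPv4 and TCP headers without options (40 bytes); the `Path` type, its methods and the three scenarios are hypothetical and constructed for illustration.

```go
package main

import "fmt"

// Assumption: IPv4 + TCP headers without options (20 + 20 bytes).
const headers = 40

// Path is a constructed scenario; all names here are hypothetical.
type Path struct {
	ClientMTU   int  // MTU of the client's interface
	ServerMTU   int  // MTU of the server's public interface
	PathMTU     int  // smallest MTU of any hop in between
	ICMPBlocked bool // "fragmentation needed" messages are filtered
}

// advertisedMSS is the MSS a host puts in its SYN for a given interface MTU.
func advertisedMSS(mtu int) int { return mtu - headers }

// LargestPacket: each sender is capped by its own MTU and the peer's advertised MSS.
func (p Path) LargestPacket() int {
	c, s := advertisedMSS(p.ClientMTU), advertisedMSS(p.ServerMTU)
	if c < s {
		return c + headers
	}
	return s + headers
}

// Outcome reports whether full-size segments get through.
func (p Path) Outcome() string {
	switch {
	case p.LargestPacket() <= p.PathMTU:
		return "ok" // handshake alone keeps packets small enough
	case p.ICMPBlocked:
		return "blackhole" // oversized packets dropped, sender never told
	default:
		return "pmtud" // works, but only because ICMP gets through
	}
}

func main() {
	cases := map[string]Path{
		"jumbo client, jumbo server": {9000, 9000, 1500, true},
		"jumbo client, 1500 server":  {9000, 1500, 1500, true},
		"1500 client, jumbo server":  {1500, 9000, 1500, true},
	}
	for name, p := range cases {
		fmt.Printf("%-28s largest=%d -> %s\n", name, p.LargestPacket(), p.Outcome())
	}
}
```

Only the first scenario depends on ICMP reaching the sender; lowering the MTU on either end caps the negotiated segment size at 1460 bytes, so packets fit the 1500-byte path without PMTUD.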