
Facing issue tls: FIPS 140-3 requires the use of Extended Master Secret

-2

We have a proxy service to connect to AWS RDS and Aurora databases, and it has FIPS support. The Dockerfile is built using CGO_ENABLED=1 GOEXPERIMENT=boringcrypto. While we were using Go version 1.24.13, we didn't face any issue with password-based connections to the database. After upgrading to 1.25.7, we are seeing the error "FIPS 140-3 requires the use of Extended Master Secret" while using password-based connectivity, whereas IAM-based connectivity works well.

1 Answer
1

Hello Deepika

Thank you for providing details regarding your concern.

As you are aware, when FIPS 140-3 mode is enabled, Extended Master Secret is now required in TLS 1.2, and Ed25519 and X25519MLKEM768 are now allowed.

[+] https://go.dev/doc/go1.25

Further, while using RDS Proxy, connectivity with Go 1.24 is working for you, whereas with Go 1.25 it is failing.

RDS PostgreSQL does support TLS with Extended Master Secret (EMS). This is evidenced by the PostgreSQL 16.1 release notes, which indicate two critical changes: implementation of a FIPS version of aws-lc and support for TLS 1.3 protocol settings. TLS 1.3 inherently includes EMS functionality as part of its protocol specification.

[+] https://docs.aws.amazon.com/AmazonRDS/latest/PostgreSQLReleaseNotes/postgresql-versions.html#postgresql-versions-version161

Kindly try your connectivity with a Postgres 16.1+ database, or you can upgrade your current database.

To get details related to your specific instance and your account, you can reach out to us at AWS Support through a case.

And we can accordingly assist you for your concern.

AWS

Answered 3 months ago
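An added example, not part of the original question or answer: in TLS 1.2 a server agrees to Extended Master Secret by echoing the `extended_master_secret` extension (type 0x0017, RFC 7627) in its ServerHello, so checking a captured ServerHello from the failing connection shows whether the endpoint negotiated it. The function names `hasEMS` and `sampleHello` are hypothetical, and the handshake bytes are constructed for illustration, not captured from RDS.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

var errBad = errors.New("malformed ServerHello")
// hasEMS reports whether a ServerHello handshake message (no record header) carries extension 0x0017.
func hasEMS(msg []byte) (bool, error) {
	if len(msg) < 39 || msg[0] != 0x02 || len(msg)-4 != int(msg[1])<<16|int(msg[2])<<8|int(msg[3]) {
		return false, errBad
	}
	b := msg[4:]               // body after handshake type and 24-bit length
	off := 35 + int(b[34]) + 3 // version, random, session_id, suite, compression
	if len(b) == off {
		return false, nil // no extensions block at all, so no EMS
	}
	if len(b) < off+2 || len(b)-off-2 != int(binary.BigEndian.Uint16(b[off:])) {
		return false, errBad
	}
	ext := b[off+2:]
	for len(ext) > 0 {
		if len(ext) < 4 || len(ext)-4 < int(binary.BigEndian.Uint16(ext[2:])) {
			return false, errBad
		}
		if binary.BigEndian.Uint16(ext) == 0x0017 {
			return true, nil
		}
		ext = ext[4+int(binary.BigEndian.Uint16(ext[2:])):]
	}
	return false, nil
}

// sampleHello builds a constructed TLS 1.2 ServerHello around the given extensions.
func sampleHello(exts []byte) []byte {
	body := append([]byte{0x03, 0x03}, make([]byte, 33)...) // version, zero random, empty session_id
	body = append(body, 0xc0, 0x2f, 0x00)                   // cipher suite, null compression
	if exts != nil {
		body = append(binary.BigEndian.AppendUint16(body, uint16(len(exts))), exts...)
	}
	return append([]byte{0x02, 0, 0, byte(len(body))}, body...)
}

func main() {
	fmt.Println(hasEMS(sampleHello([]byte{0x00, 0x17, 0x00, 0x00}))) // true <nil>
	fmt.Println(hasEMS(sampleHello(nil)))                            // false <nil>
}
```

The check applies to a TLS 1.2 ServerHello; feed it the handshake message bytes with the 5-byte record header removed.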
