diff --git a/.buildkite/scripts/test-fipsonly.sh b/.buildkite/scripts/test-fipsonly.sh
index c7abff8c..6a64a0bd 100755
--- a/.buildkite/scripts/test-fipsonly.sh
+++ b/.buildkite/scripts/test-fipsonly.sh
@@ -11,7 +11,13 @@ with_go_junit_report
 
 echo "--- Go Test fips140=only"
 set +e
-GODEBUG=fips140=only go test -tags=integration,requirefips -race -v ./... > test-fips-report.txt
+
+#We also set GODEBUG=tlsmlkem=0 to disable the X25519MLKEM768 TLS key
+#exchange mechanism; without this setting and with the GODEBUG=fips140=only
+#setting, we get errors in tests like so:
+#Failed to connect: crypto/ecdh: use of X25519 is not allowed in FIPS 140-only mode
+#Note that we are only disabling this TLS key exchange mechanism in tests!
+GODEBUG="fips140=only,tlsmlkem=0" go test -tags=integration,requirefips -race -v ./... > test-fips-report.txt
 exit_code=$?
 set -e
 
diff --git a/.go-version b/.go-version
index 59b05446..e6a6e7cd 100644
--- a/.go-version
+++ b/.go-version
@@ -1 +1 @@
-1.24.13
+1.25.8