diff --git a/go b/go
index b8191a2f98..70d5aa7ba2 160000
--- a/go
+++ b/go
@@ -1 +1 @@
-Subproject commit b8191a2f9893220bdbe52ecebb37e293847d98f5
+Subproject commit 70d5aa7ba25f23b02d87512c5a6b6a9c699334ee
diff --git a/patches/0002-Add-crypto-backend-GOEXPERIMENTs.patch b/patches/0002-Add-crypto-backend-GOEXPERIMENTs.patch
index 52e27cb474..19ab6d19cd 100644
--- a/patches/0002-Add-crypto-backend-GOEXPERIMENTs.patch
+++ b/patches/0002-Add-crypto-backend-GOEXPERIMENTs.patch
@@ -391,7 +391,7 @@ index 00000000000000..eb8a026982259c
 +
 +package main
 diff --git a/src/internal/buildcfg/exp.go b/src/internal/buildcfg/exp.go
-index df41f79338841f..0c25f3cce97202 100644
+index aa41986e8e9387..87cd1f4de3246a 100644
 --- a/src/internal/buildcfg/exp.go
 +++ b/src/internal/buildcfg/exp.go
 @@ -6,6 +6,7 @@ package buildcfg
@@ -441,15 +441,15 @@ index df41f79338841f..0c25f3cce97202 100644
  	// Older versions (anything before V16) of dsymutil don't handle
  	// the .debug_rnglists section in DWARF5. See
  	// https://github.com/golang/go/issues/26379#issuecomment-2677068742
-@@ -87,6 +113,7 @@ func ParseGOEXPERIMENT(goos, goarch, goexp string) (*ExperimentFlags, error) {
- 		RandomizedHeapBase64:  true,
- 		SizeSpecializedMalloc: true,
- 		GreenTeaGC:            true,
-+		SystemCrypto:          systemCryptoSupported,
+@@ -86,6 +112,7 @@ func ParseGOEXPERIMENT(goos, goarch, goexp string) (*ExperimentFlags, error) {
+ 		Dwarf5:               dwarf5Supported,
+ 		RandomizedHeapBase64: true,
+ 		GreenTeaGC:           true,
++		SystemCrypto:         systemCryptoSupported,
  	}
  	flags := &ExperimentFlags{
  		Flags:    baseline,
-@@ -126,6 +153,14 @@ func ParseGOEXPERIMENT(goos, goarch, goexp string) (*ExperimentFlags, error) {
+@@ -125,6 +152,14 @@ func ParseGOEXPERIMENT(goos, goarch, goexp string) (*ExperimentFlags, error) {
  				// to build with any experiment flags.
  				flags.Flags = goexperiment.Flags{}
  				continue
@@ -464,7 +464,7 @@ index df41f79338841f..0c25f3cce97202 100644
  			}
  			val := true
  			if strings.HasPrefix(f, "no") {
-@@ -139,6 +174,10 @@ func ParseGOEXPERIMENT(goos, goarch, goexp string) (*ExperimentFlags, error) {
+@@ -138,6 +173,10 @@ func ParseGOEXPERIMENT(goos, goarch, goexp string) (*ExperimentFlags, error) {
  		}
  	}
  
@@ -475,7 +475,7 @@ index df41f79338841f..0c25f3cce97202 100644
  	if regabiAlwaysOn {
  		flags.RegabiWrappers = true
  		flags.RegabiArgs = true
-@@ -152,6 +191,9 @@ func ParseGOEXPERIMENT(goos, goarch, goexp string) (*ExperimentFlags, error) {
+@@ -151,6 +190,9 @@ func ParseGOEXPERIMENT(goos, goarch, goexp string) (*ExperimentFlags, error) {
  	if flags.RegabiArgs && !flags.RegabiWrappers {
  		return nil, fmt.Errorf("GOEXPERIMENT regabiargs requires regabiwrappers")
  	}
diff --git a/patches/0004-Use-crypto-backends.patch b/patches/0004-Use-crypto-backends.patch
index 4ea980e06a..72d649d1ec 100644
--- a/patches/0004-Use-crypto-backends.patch
+++ b/patches/0004-Use-crypto-backends.patch
@@ -3530,7 +3530,7 @@ index 027bc22c33c921..eba08da985f832 100644
  package fipsonly
  
 diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go
-index c2b1b7037a46cf..f490c3fc5b1cae 100644
+index 7d4bd5bcceba4f..697dfa1ecb792e 100644
 --- a/src/crypto/tls/handshake_client.go
 +++ b/src/crypto/tls/handshake_client.go
 @@ -11,10 +11,10 @@ import (
@@ -3545,7 +3545,7 @@ index c2b1b7037a46cf..f490c3fc5b1cae 100644
  	"crypto/x509"
  	"errors"
  	"fmt"
-@@ -514,7 +514,20 @@ func (c *Conn) pickTLSVersion(serverHello *serverHelloMsg) error {
+@@ -523,7 +523,20 @@ func (c *Conn) pickTLSVersion(serverHello *serverHelloMsg) error {
  
  // Does the handshake, either a full one or resumes old session. Requires hs.c,
  // hs.hello, hs.serverHello, and, optionally, hs.session to be set.
@@ -3583,7 +3583,7 @@ index 77a24b4a78d8fc..84724fac5f951e 100644
  	"hash"
  	"slices"
 diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go
-index 06675a8ce9d2a1..9b761f256f4fcf 100644
+index 34dfb13b672f79..e635079f12313f 100644
 --- a/src/crypto/tls/handshake_server.go
 +++ b/src/crypto/tls/handshake_server.go
 @@ -63,7 +63,20 @@ func (c *Conn) serverHandshake(ctx context.Context) error {
@@ -3609,7 +3609,7 @@ index 06675a8ce9d2a1..9b761f256f4fcf 100644
  
  	if err := hs.processClientHello(); err != nil {
 diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go
-index 0033164f65da8c..04e995eddcf6c1 100644
+index bce94ed2d8c436..14834301052886 100644
 --- a/src/crypto/tls/handshake_server_tls13.go
 +++ b/src/crypto/tls/handshake_server_tls13.go
 @@ -11,9 +11,9 @@ import (
@@ -3620,9 +3620,9 @@ index 0033164f65da8c..04e995eddcf6c1 100644
  	"crypto/rsa"
  	"crypto/tls/internal/fips140tls"
 +	"crypto/tls/internal/tls13"
+ 	"crypto/x509"
  	"errors"
  	"fmt"
- 	"hash"
 @@ -453,9 +453,6 @@ func cloneHash(in hash.Hash, h crypto.Hash) hash.Hash {
  		UnmarshalBinary(data []byte) error
  	}