From beffef2882c30a47eb3b56dd4d543cec687890b0 Mon Sep 17 00:00:00 2001 From: necaran <55765083+necaran@users.noreply.github.com> Date: Fri, 20 Jun 2025 01:05:00 +0800 Subject: [PATCH] mega: fix tls handshake failure - fixes #8565 The cipher suites used by Mega's storage endpoints: https://github.com/meganz/webclient/issues/103 are no longer supported by default since Go 1.22: https://tip.golang.org/doc/go1.22#minor_library_changes This therefore assigns the cipher suites explicitly to include the one Mega needs. --- backend/mega/mega.go | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/backend/mega/mega.go b/backend/mega/mega.go index 99b66e7e9..175fc643e 100644 --- a/backend/mega/mega.go +++ b/backend/mega/mega.go @@ -17,9 +17,11 @@ Improvements: import ( "context" + "crypto/tls" "errors" "fmt" "io" + "net/http" "path" "slices" "strings" @@ -216,7 +218,25 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e defer megaCacheMu.Unlock() srv := megaCache[opt.User] if srv == nil { - srv = mega.New().SetClient(fshttp.NewClient(ctx)) + // srv = mega.New().SetClient(fshttp.NewClient(ctx)) + + // Workaround for Mega's use of insecure cipher suites which are no longer supported by default since Go 1.22. + // Relevant issues: + // https://github.com/rclone/rclone/issues/8565 + // https://github.com/meganz/webclient/issues/103 + clt := fshttp.NewClient(ctx) + clt.Transport = fshttp.NewTransportCustom(ctx, func(t *http.Transport) { + var ids []uint16 + // Read default ciphers + for _, cs := range tls.CipherSuites() { + ids = append(ids, cs.ID) + } + // Insecure but Mega uses TLS_RSA_WITH_AES_128_GCM_SHA256 for storage endpoints + // (e.g. https://gfs302n114.userstorage.mega.co.nz) as of June 18, 2025. + t.TLSClientConfig.CipherSuites = append(ids, tls.TLS_RSA_WITH_AES_128_GCM_SHA256) + }) + srv = mega.New().SetClient(clt) + srv.SetRetries(ci.LowLevelRetries) // let mega do the low level retries srv.SetHTTPS(opt.UseHTTPS) srv.SetLogger(func(format string, v ...any) {