From e44829a448f9d5e223c96eb0f0d6bfc51a3d9e61 Mon Sep 17 00:00:00 2001
From: necaran <55765083+necaran@users.noreply.github.com>
Date: Sat, 24 Jan 2026 03:50:04 +0800
Subject: [PATCH] mega: reverts TLS workaround

The workaround to include the obsolete cipher suite is no longer needed because storage endpoints now support TLS1.3.
---
 backend/mega/mega.go | 22 +---------------------
 1 file changed, 1 insertion(+), 21 deletions(-)

diff --git a/backend/mega/mega.go b/backend/mega/mega.go
index 3c625da02..4eda36a44 100644
--- a/backend/mega/mega.go
+++ b/backend/mega/mega.go
@@ -17,12 +17,10 @@ Improvements:
 
 import (
 	"context"
-	"crypto/tls"
 	"encoding/base64"
 	"errors"
 	"fmt"
 	"io"
-	"net/http"
 	"path"
 	"slices"
 	"strings"
@@ -256,25 +254,7 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 	defer megaCacheMu.Unlock()
 	srv := megaCache[opt.User]
 	if srv == nil {
-		// srv = mega.New().SetClient(fshttp.NewClient(ctx))
-
-		// Workaround for Mega's use of insecure cipher suites which are no longer supported by default since Go 1.22.
-		// Relevant issues:
-		// https://github.com/rclone/rclone/issues/8565
-		// https://github.com/meganz/webclient/issues/103
-		clt := fshttp.NewClient(ctx)
-		clt.Transport = fshttp.NewTransportCustom(ctx, func(t *http.Transport) {
-			var ids []uint16
-			// Read default ciphers
-			for _, cs := range tls.CipherSuites() {
-				ids = append(ids, cs.ID)
-			}
-			// Insecure but Mega uses TLS_RSA_WITH_AES_128_GCM_SHA256 for storage endpoints
-			// (e.g. https://gfs302n114.userstorage.mega.co.nz) as of June 18, 2025.
-			t.TLSClientConfig.CipherSuites = append(ids, tls.TLS_RSA_WITH_AES_128_GCM_SHA256)
-		})
-		srv = mega.New().SetClient(clt)
-
+		srv = mega.New().SetClient(fshttp.NewClient(ctx))
 		srv.SetRetries(ci.LowLevelRetries) // let mega do the low level retries
 		srv.SetHTTPS(opt.UseHTTPS)
 		srv.SetLogger(func(format string, v ...any) {