Open penM000 opened 3 weeks ago
Hello,
there is no change between v4.16.1 and v4.17.3 on the nifcloud package.
https://github.com/go-acme/lego/compare/v4.16.1...v4.17.3
The only change is the Go version used to compile, so I guess the nifcloud certificates have an issue.
Hello.
We have confirmed the changes due to the Go version change. (https://tip.golang.org/doc/go1.22)
We have confirmed the following description.
By default, cipher suites without ECDHE support are no longer offered by either clients or servers during pre-TLS 1.3 handshakes. This change can be reverted with the tlsrsakex=1 GODEBUG setting.
We have run “https://www.ssllabs.com/ssltest/” against “https://dns.api.nifcloud.com” and obtained the following results.
We expect this is due to a TLS cipher suite limitation caused by the Go version change, not the certificate.
So, as I expressed in my first comment, this is a problem with Nifcloud itself.
I don't think we will compile lego with tlsrsakex=1 just for nifcloud.
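The effect of the Go 1.22 change quoted in this thread, as an added example (not code from lego or from any commenter): it intersects a server's pre-TLS 1.3 cipher suites with what a default Go 1.22+ client offers. The function names, the approximation of the default offer as the ECDHE entries of `tls.CipherSuites()`, and both server profiles are assumptions constructed for illustration, not results of any scan.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// offeredByDefault approximates what a Go 1.22+ client offers in a pre-TLS 1.3
// handshake without tlsrsakex=1: the ECDHE entries of tls.CipherSuites().
// (Assumption of this example; the exact default list is internal to crypto/tls.)
func offeredByDefault() map[uint16]bool {
	offered := make(map[uint16]bool)
	for _, cs := range tls.CipherSuites() {
		if strings.HasPrefix(cs.Name, "TLS_ECDHE_") {
			offered[cs.ID] = true
		}
	}
	return offered
}

// commonSuites returns the names of the server's suites that the default
// client would also offer. An empty result means the handshake cannot succeed.
func commonSuites(server []uint16) []string {
	offered := offeredByDefault()
	var common []string
	for _, id := range server {
		if offered[id] {
			common = append(common, tls.CipherSuiteName(id))
		}
	}
	return common
}

// Constructed server profiles (hypothetical, not taken from a real scan).
var rsaOnlyServer = []uint16{
	tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_RSA_WITH_AES_256_CBC_SHA,
}
var mixedServer = append([]uint16{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, rsaOnlyServer...)

func main() {
	// A server limited to RSA key exchange shares nothing with the default offer.
	fmt.Println("RSA-only server:", commonSuites(rsaOnlyServer))
	// One ECDHE suite on the server side is enough for the handshake to proceed.
	fmt.Println("mixed server:   ", commonSuites(mixedServer))
}
```

Feeding the suite list from a TLS scan of an endpoint into `commonSuites` shows whether the fix belongs on the server side (enable an ECDHE suite) rather than in the client build.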
Welcome
What did you expect to see?
As with v4.16.1, v4.17.3 and later versions can issue certificates.
What did you see instead?
The certificate was successfully issued in v4.16.1, but the handshake with “https://dns.api.nifcloud.com” fails in v4.17.3 and later versions.
How do you use lego?
Docker image
Reproduction steps
Verify that the certificate can be issued with v4.16.1.
Verify that the certificate cannot be issued with v4.17.3.
Version of lego
Logs
Go environment (if applicable)