samba - Jul 2023 - server signing = mandatory/required broken in 4.17.5 ?

We are using samba on RedHat 8.8. The latest samba version available for
RHEL8 is samba 4.17.5

Since samba is updated to 4.17.5 from 4.16.4 the "server signing
mandatory" config option seems to be broken.

Nessus scans reports a vulnerability on server signing not required:
SMB Signing not required
VULNERABILITY MEDIUM
PLUGIN ID57608
Description

Signing is not required on the remote SMB server. An unauthenticated,
remote attacker can exploit this to conduct man-in-the-middle attacks
against the SMB server.

Our smb.conf looks like this:

# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.

[global]
        workgroup = SAMBA
        security = user
        passdb backend = tdbsam
        server signing = mandatory
        map to guest = Never
        restrict anonymous = 2
[someshare]
        comment = This is a share for some share
        path = /var/someshare
        read only = no
        writable = yes
        public = no
        guest ok = no
        guest only = no
        valid users = someuser
        browsable = yes
        force user = someotheruser
        force group = someothergroup
        browseable = yes

Testing the configuration with testparm, gives this output:
testparm
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility fallback)

Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

# Global parameters
[global]
        restrict anonymous = 2
        security = USER
        server signing = required
        workgroup = SAMBA
        idmap config * : backend = tdb


[someshare]
        comment = This is a share for SDC Ingest
        force group = someothergroup
        force user = someotheruser
        path = /var/someshare
        read only = No
        valid users = someuser

We also tried to change "server signing = mandatory" to "server
signing required" in the original config without effect.
When downgrading to 4.16.4 nessus reports a clean scan, when upgrading to
4.17.5 again, the vulnerability shows up again

Is this a known issue in 4.17.5 ?
Would an upgrade to a later version help (unfortunately currently
unavailable for RHEL8) ?
Is there any known change from 4.16 to 4.17 that could explain this issue ?

Thanks