[GH-ISSUE #1176] cipher_suites=AESGCM silently fails #618

New issue

Closed

opened 2026-03-04 01:47:15 +03:00 by kerem · 2 comments

kerem commented

2026-03-04 01:47:15 +03:00

Owner

Originally created by @Teej42 on GitHub (Oct 16, 2019).
Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/1176

Version of s3fs being used (s3fs --version)

V1.85

Version of fuse being used (pkg-config --modversion fuse, rpm -qi fuse, dpkg -s fuse)

2.9.2

Kernel information (uname -r)

4.15.0-65-generic

GNU/Linux Distribution, if applicable (cat /etc/os-release)

CentOS Linux 7 (Core)

s3fs command line used, if applicable

s3fs [bucket] /app/s3fs/mount/[bucket] -o passwd_file=[passwd_file] -o cipher_suites=AESGCM -o sigv2 -o use_path_request_style -o url=https://s3.us-south.cloud-object-storage.appdomain.cloud -o kernel_cache -o max_stat_cache_size=100000 -o multipart_size=52 -o parallel_count=30 -o multireq_max=30 -o max_background=1000 -o dbglevel=warn -o allow_other

s3fs syslog messages (grep s3fs /var/log/syslog, journalctl | grep s3fs, or s3fs outputs)

Note: There appears to be no log in this docker image or LogDNA related to this issue. Return code for above command is 0. df -h does not show the mount.

Details about issue

On CentOS docker image with yum install, s3fs silently fails when using cipher_suites option that is apparently not supported. The specific version is:

[root@image]# s3fs --version
Amazon Simple Storage Service File System V1.85(commit:unknown) with OpenSSL
Copyright (C) 2010 Randy Rizun <rrizun@gmail.com>
License GPL2: GNU GPL version 2 <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

The same command on my Mac on the same network works and was installed using brew. Version is:

(base) [laptop:~/Downloads]$ s3fs --version
Amazon Simple Storage Service File System V1.85(commit:unknown) with GnuTLS(gcrypt)
Copyright (C) 2010 Randy Rizun <rrizun@gmail.com>
License GPL2: GNU GPL version 2 <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

There are two concerns:

Despite having OpenSSL, AESGCM cypher does not work, despite instructions on this page seemly claiming so:

https://medium.com/@ozeri/file-like-access-to-ibm-cloud-object-storage-using-s3fs-f5094ed42594

Any issue with cipher_suites silently fails without any notification. It needs to loudly proclaim that this option is not compatible with whatever settings/packages that is being used.

Please advise.

Originally created by @Teej42 on GitHub (Oct 16, 2019). Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/1176 #### Version of s3fs being used (s3fs --version) V1.85 #### Version of fuse being used (pkg-config --modversion fuse, rpm -qi fuse, dpkg -s fuse) 2.9.2 #### Kernel information (uname -r) 4.15.0-65-generic #### GNU/Linux Distribution, if applicable (cat /etc/os-release) CentOS Linux 7 (Core) #### s3fs command line used, if applicable ``` s3fs [bucket] /app/s3fs/mount/[bucket] -o passwd_file=[passwd_file] -o cipher_suites=AESGCM -o sigv2 -o use_path_request_style -o url=https://s3.us-south.cloud-object-storage.appdomain.cloud -o kernel_cache -o max_stat_cache_size=100000 -o multipart_size=52 -o parallel_count=30 -o multireq_max=30 -o max_background=1000 -o dbglevel=warn -o allow_other ``` #### s3fs syslog messages (grep s3fs /var/log/syslog, journalctl | grep s3fs, or s3fs outputs) Note: There appears to be no log in this docker image or LogDNA related to this issue. Return code for above command is `0`. `df -h` does not show the mount. ### Details about issue On CentOS docker image with yum install, s3fs silently fails when using `cipher_suites` option that is apparently not supported. The specific version is: ``` [root@image]# s3fs --version Amazon Simple Storage Service File System V1.85(commit:unknown) with OpenSSL Copyright (C) 2010 Randy Rizun <rrizun@gmail.com> License GPL2: GNU GPL version 2 <https://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. ``` The same command on my Mac on the same network works and was installed using brew. Version is: ``` (base) [laptop:~/Downloads]$ s3fs --version Amazon Simple Storage Service File System V1.85(commit:unknown) with GnuTLS(gcrypt) Copyright (C) 2010 Randy Rizun <rrizun@gmail.com> License GPL2: GNU GPL version 2 <https://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. ``` There are two concerns: 1. Despite having OpenSSL, `AESGCM` cypher does not work, despite instructions on this page seemly claiming so: https://medium.com/@ozeri/file-like-access-to-ibm-cloud-object-storage-using-s3fs-f5094ed42594 2. Any issue with `cipher_suites` silently fails without any notification. It needs to loudly proclaim that this option is not compatible with whatever settings/packages that is being used. Please advise.

kerem

2026-03-04 01:47:15 +03:00

closed this issue
added the
need info
label

kerem commented

2026-03-04 01:47:16 +03:00

Author

Owner

@gaul commented on GitHub (Feb 3, 2020):

Could you share how to reproduce this? I'm not sure how to get the cipher mismatch.

@gaul commented on GitHub (Feb 3, 2020): Could you share how to reproduce this? I'm not sure how to get the cipher mismatch.

kerem commented

2026-03-04 01:47:16 +03:00

Author

Owner

@gaul commented on GitHub (Jun 23, 2020):

Closing due to inactivity. Please reopen if symptoms persist.

@gaul commented on GitHub (Jun 23, 2020): Closing due to inactivity. Please reopen if symptoms persist.