Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

help request: failed to match any SSL certificate by SNI #12034

Open
zsmlinux opened this issue Mar 11, 2025 · 3 comments
Open

help request: failed to match any SSL certificate by SNI #12034

zsmlinux opened this issue Mar 11, 2025 · 3 comments
Labels
question label for questions asked by users

Comments

@zsmlinux
Copy link

Description

errorlog

init.lua:205: http_ssl_client_hello_phase(): failed to match any SSL certificate by SNI: xxx.com.browser, context: ssl_client_hello_by_lua*, client: 183.232.4.48, server: 0.0.0.0:443

Why the SNI endwith .browser?

Environment

  • APISIX version (run apisix version):
  • Operating system (run uname -a):
  • OpenResty / Nginx version (run openresty -V or nginx -V):
  • etcd version, if relevant (run curl http://127.0.0.1:9090/v1/server_info):
  • APISIX Dashboard version, if relevant:
  • Plugin runner version, for issues related to plugin runners:
  • LuaRocks version, for installation issues (run luarocks --version):
@dosubot dosubot bot added the question label for questions asked by users label Mar 11, 2025
@Baoyuantop
Copy link
Contributor

Please provide the configuration information related to the certificate and complete the Environment details as much as possible. This will help with troubleshooting the issue.

@zsmlinux
Copy link
Author

Please provide the configuration information related to the certificate and complete the Environment details as much as possible. This will help with troubleshooting the issue.

      ssl:
        enable: true
        listen:
          -
            port: 443
        ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
        ssl_protocols: "TLSv1 TLSv1.1 TLSv1.2"
        ssl_session_tickets: false

This is certificate configuration,but I don't think any promblem here.

@juzhiyuan
Copy link
Member

Hi @zsmlinux, to reproduce your issue, we need complete steps to follow and try. Please provide a minimal reproducible demo.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question label for questions asked by users
Projects
Apache APISIX backlog
Status: 📋 Backlog
Milestone
No milestone
Development

No branches or pull requests
3 participants
@juzhiyuan @zsmlinux @Baoyuantop