qizhendong1 opened a new issue, #12093: URL: https://github.com/apache/apisix/issues/12093
### Current Behavior When configuring multiple domain names, if one of them contains *, such as *. abc.cn (TLS version 1.3), and also contains test1.abc.cn (TLS version 1.2), test2.abc.cn (TLS version 1.2), then when accessing test2.abc.cn, the TLS version should be 1.3, but the current behavior may be 1.3 ### Expected Behavior test1.abc.cn,test2.abc.cn,use TLS 1.2 match *.abc.cn use TLS 1.3 ### Error Logs _No response_ ### Steps to Reproduce # abc.com crt ``` -----BEGIN CERTIFICATE----- MIIDgzCCAmugAwIBAgIUXBAJQHvLyiuXUvzP7CONYNq5dDMwDQYJKoZIhvcNAQEL BQAwYTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM DVNhbiBGcmFuY2lzY28xEzARBgNVBAoMCk15IENvbXBhbnkxEDAOBgNVBAMMB2Fi Yy5jb20wIBcNMjUwMzI3MDg0OTI2WhgPMjIyNTAyMDcwODQ5MjZaMGExCzAJBgNV BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNp c2NvMRMwEQYDVQQKDApNeSBDb21wYW55MRAwDgYDVQQDDAdhYmMuY29tMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8BPfJIcLyCDy3T2pNUuy0GbsxlR ZlyUBLgLxzhSvXWUKpZWlClt116g82W6tvjs7vd+dCG3jtPwptKeX8s07KYz4SfH 9fXwVpNx4WFGX0ijGhqnH28WVpCLiX2Not+T1aPSCzjNQtAzqGQ1Xc5RtNi+heCt tugiQx2QV2mW5plrRpfchP54hJ843TcGLTBVjWrpG0gJK0EAwmiACnzkpIiK8zTE LC7w6v/0N1HclTU/EXmIdoVU88F5peUtnfH7EvzcQnOjQS4u6Zs8KbBSdhPHb7mL O0q9aN3HWhp7TEeToN1flldPOGYn6Qbe+iIBy+NZYjElhlaNxFyLSKOgIwIDAQAB ozEwLzAtBgNVHREEJjAkggdhYmMuY29tggkqLmFiYy5jb22CDioucGFnZS5hYmMu Y29tMA0GCSqGSIb3DQEBCwUAA4IBAQCYNdI/ryjffrSLkwsm7XLyRkgi+1RRiVmg CflJwbThHYfog0aI8uQoFz9UCDOz4nPqiDdOceO1JpbtmKu8NjGx4AzSFy0blreL dQyQjJg9VO9/aymSwcAYlc9t4EG7SCcDUiPBR54OtI44hHi8EzevJZWl4KDrhCUI qHcj+udEfXjaMUxmNQqoZ4oLt0fdUshW2YNi8fU+AAL8+YkRnaMDmNAItUai5lzs XW7MSRwvR+Jhnq92dp3mrusb8WOicG7E3787EJjw2aIgC375qjFzgRfp1neY1dMq P4khb3CsQ4SmkWJZ3FZbDZyyeco2kRs70+POtNHYDBYeJZnsvrUQ -----END CERTIFICATE----- ``` # abc.com key ``` -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEAt8BPfJIcLyCDy3T2pNUuy0GbsxlRZlyUBLgLxzhSvXWUKpZW lClt116g82W6tvjs7vd+dCG3jtPwptKeX8s07KYz4SfH9fXwVpNx4WFGX0ijGhqn H28WVpCLiX2Not+T1aPSCzjNQtAzqGQ1Xc5RtNi+heCttugiQx2QV2mW5plrRpfc hP54hJ843TcGLTBVjWrpG0gJK0EAwmiACnzkpIiK8zTELC7w6v/0N1HclTU/EXmI doVU88F5peUtnfH7EvzcQnOjQS4u6Zs8KbBSdhPHb7mLO0q9aN3HWhp7TEeToN1f lldPOGYn6Qbe+iIBy+NZYjElhlaNxFyLSKOgIwIDAQABAoIBADtQXZglhemEgmaT m+Y7Vn6P8BWRD6COM82OJ2cofDTiFnDk1I/BC87goe3PocTcd4bv5ybPl3QIX/9J r4vWiX/2anq8n6R6vhkEQVdyUggB53xOrDHOZxSMVi6Mk8LGju8AkZXDwSZXFMW/ iyZ7qg5JhL6sdwa6ygyGJ4i/8dD/mwMRPigRGw5tTO7ogd6hkNKq9zYbDb7yppKa vvyLQt9aZseCBWn/YHaBrFB5gqzVumSGBK34Ykd5Dg3T44NR4Swb3aYPHMRBIxji BQ/Esnxri07yObtANhtJRBp8d+J0rIb16QEyt0P0gXyTuMR+uL3JGK/x0+Ar5ijz YXK3+hECgYEA2+ttPmO0UxhOMaZawPACgD1Ik0wsN7iYm7/EPrZmNZBeByZ/6dSz tcQrSDavYQjVvlcscvH1y2dybTON+mlw4uxuxzgBIhtVdKkzcCsOwVvzQI0ZDgBP 5qeLJxAN3OunH+Czd139PliJ8+s+VGhmQTk2vucIRs34fEZ/PD9izDsCgYEA1eXR hrj/qX0bzYy8rVHCAaYaclrTT0/fz8N+catJW8dxAKLjJAmc6kTaIbVqgDcXYI9Q FSrB2dQyndsHR6Q0j4dW8K2ATUo5TXlaIqQ57e26QE4s8GphegGAtvhGXGQIVCWX Htfry2fbEoS+vDSiHn75uwItmo3rWGgA1TmFBTkCgYEAtgLDBz+9nogfLzhfJA+A AmK2DjKc5gEBTOYJpV2QegRhzckvVHeVxHn22G1p+QU24bGEOB3JL+8N5RMmDnn1 09maVYckaPX2Y/cle1AnhiBz0pj0g4H+nwdLQ6kl0BG438k4vzIqxc7BXf70Nyew eYrApH7Resg9P52Y8GQFgMECgYEAtx361KWIamdq5/w2gwLdXl//gCr1gI7XAp1Q oKuNL/98ZJkOcAmyxnSPchBHzuBbKRVH7/cc4gliE/YxM0oGnWG2MnG2x3RlvkfH vKRv25uLugWzP1czgCnNMdc3FV2mK7PKvmMHwKl2yVHPoHxG1mjKDyl8NTaOZq8T F3gYwzECgYAoQ0pVU9m5bHEYlEAPCCfzDYssJGRUpx4I1CI065OFl9NlEHnRr5KM QOnp5SOSotQTJSC7Vh/cAankaGIfYRtPNh5G/ujHExGs9ZWke/rAMrokhAo6NVYN EQuooRICoSYedwNuXVecZsWfYQRNUcZd9nAUu+NU5m/d5Z+PsXmEkg== -----END RSA PRIVATE KEY----- ``` # set ssls curl -i http://127.0.0.1:9080/apisix/admin/ssls/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d ' { "ssl_protocols": ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"], "cert": "'"$(cat /opt/abc.crt)"'", "key": "'"$(cat /opt/abc.key)"'", "snis": [ "eos.central-suzhou.cmecloud.cn", "*.eos.central-suzhou.cmecloud.cn" ] }' ### Environment - APISIX version (run `apisix version`): 3.3 - Operating system (run `uname -a`): centos 7 - OpenResty / Nginx version (run `openresty -V` or `nginx -V`): 1.24.3.2 - etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`): - APISIX Dashboard version, if relevant: - Plugin runner version, for issues related to plugin runners: - LuaRocks version, for installation issues (run `luarocks --version`): -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
