[GH-ISSUE #4670] wildcard dns first record does not look like a TLS handshake #3687

New issue

Closed

opened 2026-05-05 14:21:54 -06:00 by gitea-mirror · 2 comments

gitea-mirror commented 2026-05-05 14:21:54 -06:00

Owner

Copy link

Originally created by @jaimeph on GitHub (Feb 13, 2025).
Original GitHub issue: https://github.com/fatedier/frp/issues/4670

Bug Description

I have configured:

1. DNS *.test.com, test.com.
2. Same certificate with both DNS.
3. A Load Balancer that loads the certificate.
4. An IP associated to the Load Balancer which in turn goes to frps, under port 443.
5. When I launch a request to https://abc.test.com, frps returns this error: get hostname from http/https request error: tls: first record does not look like a TLS handshake

What could be happening?

frpc Version

0.61.1

frps Version

0.61.1

System Architecture

linux/amd64

Configurations

bindPort = 7000

# vhostHTTPPort = 80
vhostHTTPSPort = 443

transport.tls.force = false

auth.method = "token"
auth.token = "*****"

maxPortsPerClient = 1

subDomainHost = "test.com"

log.level = "trace"

# custom404Page = "/config/404.html"

webServer.addr = "127.0.0.1"
webServer.port = 7500
webServer.user = "admin"
webServer.password = "admin"

Logs

Waiting for the file /config/frps.toml...
File found!
2025-02-13 20:40:54.331 [I] [frps/root.go:105] frps uses config file: /config/frps.toml
2025-02-13 20:40:54.685 [I] [server/service.go:237] frps tcp listen on 0.0.0.0:7000
2025-02-13 20:40:54.685 [I] [server/service.go:319] https service listen on 0.0.0.0:443
2025-02-13 20:40:54.685 [I] [frps/root.go:114] frps started successfully
2025-02-13 20:40:54.685 [I] [server/service.go:351] dashboard listen on 127.0.0.1:7500
2025-02-13 20:41:02.433 [D] [vhost/vhost.go:208] get hostname from http/https request error: tls: first record does not look like a TLS handshake
2025-02-13 20:41:02.460 [D] [vhost/vhost.go:208] get hostname from http/https request error: tls: first record does not look like a TLS handshake
2025-02-13 20:41:02.521 [D] [vhost/vhost.go:208] get hostname from http/https request error: tls: first record does not look like a TLS handshake
2025-02-13 20:41:02.549 [D] [vhost/vhost.go:208] get hostname from http/https request error: tls: first record does not look like a TLS handshake

Steps to reproduce

...

Affected area

• Docs
• Installation
• Performance and Scalability
• Security
• User Experience
• Test and Release
• Developer Infrastructure
• Client Plugin
• Server Plugin
• Extensions
• Others

Originally created by @jaimeph on GitHub (Feb 13, 2025). Original GitHub issue: https://github.com/fatedier/frp/issues/4670 ### Bug Description I have configured: 1. DNS *.test.com, test.com. 2. Same certificate with both DNS. 3. A Load Balancer that loads the certificate. 4. An IP associated to the Load Balancer which in turn goes to frps, under port 443. 5. When I launch a request to https://abc.test.com, frps returns this error: `get hostname from http/https request error: tls: first record does not look like a TLS handshake` What could be happening? ### frpc Version 0.61.1 ### frps Version 0.61.1 ### System Architecture linux/amd64 ### Configurations ``` bindPort = 7000 # vhostHTTPPort = 80 vhostHTTPSPort = 443 transport.tls.force = false auth.method = "token" auth.token = "*****" maxPortsPerClient = 1 subDomainHost = "test.com" log.level = "trace" # custom404Page = "/config/404.html" webServer.addr = "127.0.0.1" webServer.port = 7500 webServer.user = "admin" webServer.password = "admin" ``` ### Logs Waiting for the file /config/frps.toml... File found! 2025-02-13 20:40:54.331 [I] [frps/root.go:105] frps uses config file: /config/frps.toml 2025-02-13 20:40:54.685 [I] [server/service.go:237] frps tcp listen on 0.0.0.0:7000 2025-02-13 20:40:54.685 [I] [server/service.go:319] https service listen on 0.0.0.0:443 2025-02-13 20:40:54.685 [I] [frps/root.go:114] frps started successfully 2025-02-13 20:40:54.685 [I] [server/service.go:351] dashboard listen on 127.0.0.1:7500 2025-02-13 20:41:02.433 [D] [vhost/vhost.go:208] get hostname from http/https request error: tls: first record does not look like a TLS handshake 2025-02-13 20:41:02.460 [D] [vhost/vhost.go:208] get hostname from http/https request error: tls: first record does not look like a TLS handshake 2025-02-13 20:41:02.521 [D] [vhost/vhost.go:208] get hostname from http/https request error: tls: first record does not look like a TLS handshake 2025-02-13 20:41:02.549 [D] [vhost/vhost.go:208] get hostname from http/https request error: tls: first record does not look like a TLS handshake ### Steps to reproduce 1. 2. 3. ... ### Affected area - [ ] Docs - [ ] Installation - [ ] Performance and Scalability - [x] Security - [x] User Experience - [ ] Test and Release - [ ] Developer Infrastructure - [ ] Client Plugin - [ ] Server Plugin - [ ] Extensions - [ ] Others

gitea-mirror 2026-05-05 14:21:54 -06:00

• closed this issue
• added the
  lifecycle/stale
  label

gitea-mirror commented 2026-05-05 14:21:59 -06:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Feb 28, 2025):

Issues go stale after 14d of inactivity. Stale issues rot after an additional 3d of inactivity and eventually close.

<!-- gh-comment-id:2689424590 --> @github-actions[bot] commented on GitHub (Feb 28, 2025): Issues go stale after 14d of inactivity. Stale issues rot after an additional 3d of inactivity and eventually close.

gitea-mirror commented 2026-05-05 14:22:00 -06:00

Author

Owner

Copy link

@dishpzga commented on GitHub (Apr 21, 2025):

遇到了同样的问题，兄弟解决了吗

<!-- gh-comment-id:2817976556 --> @dishpzga commented on GitHub (Apr 21, 2025): 遇到了同样的问题，兄弟解决了吗

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

dev

new

master

copilot/review-pull-request-5198

v0.68.1

v0.68.0

v0.67.0

v0.66.0

v0.65.0

v0.64.0

v0.63.0

v0.62.1

v0.62.0

v0.61.2

v0.61.1

v0.61.0

v0.60.0

v0.59.0

v0.58.1

v0.58.0

v0.57.0

v0.56.0

v0.55.1

v0.55.0

v0.54.0

v0.53.2

v0.53.1

v0.53.0

v0.52.3

v0.52.2

v0.52.1

v0.52.0

v0.51.3

v0.51.2

v0.51.1

v0.51.0

v0.50.0

v0.49.0

v0.48.0

v0.47.0

v0.46.1

v0.46.0

v0.45.0

v0.44.0

v0.43.0

v0.42.0

v0.41.0

v0.40.0

v0.39.1

v0.39.0

v0.38.0

v0.37.1

v0.37.0

v0.36.2

v0.36.1

v0.36.0

v0.35.1

v0.35.0

v0.34.3

v0.34.2

v0.34.1

v0.34.0

v0.33.0

v0.32.1

v0.32.0

v0.31.2

v0.31.1

v0.31.0

v0.30.0

v0.29.1

v0.29.0

v0.28.2

v0.28.1

v0.28.0

v0.27.1

v0.27.0

v0.26.0

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.1

v0.24.0

v0.23.3

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.0

v0.19.1

v0.19.0

v0.18.0

v0.17.0

v0.16.1

v0.16.0

v0.15.1

v0.15.0

v0.14.1

v0.14.0

v0.13.0

v0.12.0

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.1

v0.8.0

v0.7.0

v0.6.0

v0.5.0

v0.3.0

v0.2.0

v0.1.0

Labels

Clear labels   

In Progress

  

WIP

  

WaitingForInfo

  

bug

  

doc

  

duplicate

  

easy

  

enhancement

  

future

  

help wanted

  

invalid

  

lifecycle/stale

  

need-issue-template

  

need-usage-help

  

no plan

  

proposal

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

todo

No labels

In Progress

WIP

WaitingForInfo

bug

doc

duplicate

easy

enhancement

future

help wanted

invalid

lifecycle/stale

need-issue-template

need-usage-help

no plan

proposal

pull-request

question

todo

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/frp#3687

No description provided.