OpenSSL error when connecting to Caddy via non-standard port

1. Caddy version (caddy version):

v2.2.1 h1:Q62GWHMtztnvyRU+KPOpw6fNfeCD3SkwH7SfT1Tgt2c=


2. How I run Caddy:

(In a docker container)

/root/caddy start -config /root/Caddyfile

Port 42280 is mapped from host to container

a. System environment:

Docker, Container is CentOS Linux release 7.8.2003. Not running under systemd.

b. Command:

/root/caddy start -config /root/Caddyfile

c. Service/unit/compose file:

docker run -p 42280:42280 -p 42281:42281 -p 42282:42282 --name amaranth-cow -td centos:centos7

Apps were installed after the container was created so its just that.

d. My complete Caddyfile or JSON config:

reverse_proxy localhost:42283
log {
  output stdout
tls {
  dns route53 {
    max_retries 1
  protocols tls1.2 tls1.2

3. The problem I’m having:

We use an application called Adobe Campaign that has a client - server architecture via HTTP. I use Caddy to provide easy HTTPs for this application. The server component doesn’t come into play with this problem. Normally, Caddy works for this application, but only under the default HTTPs port.

However, when trying to connect to Caddy with we get a wrapped error like so:

'lOB-090013 error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error (code 336032824)‘

Connecting to that host via that port works in Chrome no problem: (behind a firewall so you’ll have to take my word).

I assumed it may have been an issue with the version of OpenSSL after identifying that the app uses OpenSSL 1.0.2n. But it seems to be related to the non-standard port and likely a misbehaving client application which is outside my control.

From other docs it seems like this might be a problem with SNI, that Caddy doesn’t know which cert to serve (working as intended).

In section 4 I will post the Wireshark excerpts, but you will see that in the SNI the application specifies the port.

Server Name:

I think this is a programming error on the client given that in the browser it does not specify the port in the SNI when connecting.

I don’t think the default-sni applies here as the SNI is set as you will see in the wireshark logs.

So my question: is there a way to tell Caddy to serve my auto tls certificate to this SNI? Or am I miss-understanding the issue perhaps.

4. Error messages and/or full log output:

'lOB-090013 error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error (code 336032824)‘

Caddy is not emitting any details about the connection

{"level":"info","ts":1605730608.2423146,"msg":"using provided configuration","config_file":"/root/Caddyfile","config_adapter":""}
{"level":"info","ts":1605730608.247066,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019",""]}
{"level":"info","ts":1605730608.2475963,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1605730608.24809,"logger":"http","msg":"enabling automatic TLS certificate management","domains":[""]}
{"level":"info","ts":1605730608.2619185,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0002f6d20"}
{"level":"info","ts":1605730608.269086,"msg":"autosaved config","file":"/root/.config/caddy/autosave.json"}
{"level":"info","ts":1605730608.269109,"msg":"serving initial configuration"}
{"level":"info","ts":1605730608.2699318,"logger":"tls","msg":"cleaned up storage units"}

Wireshark Excerpts

Client hello:

Frame 33: 408 bytes on wire (3264 bits), 408 bytes captured (3264 bits) on interface \Device\NPF_{9550F48B-2214-4F4F-A11F-226D78FC5664}, id 0
Ethernet II, Src: IntelCor_e7:56:df (48:89:e7:e7:56:df), Dst: 12:02:71:8d:cb:7f (12:02:71:8d:cb:7f)
Internet Protocol Version 4, Src:, Dst:
Transmission Control Protocol, Src Port: 60614, Dst Port: 42280, Seq: 1, Ack: 1, Len: 354
Transport Layer Security
    TLSv1.2 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 349
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 345
            Version: TLS 1.2 (0x0303)
            Random: c9ad1928a065a6b55f888e7294820980c888a605027a7ee95b7becc8396716f2
            Session ID Length: 0
            Cipher Suites Length: 172
            Cipher Suites (86 suites)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
                Cipher Suite: TLS_DH_DSS_WITH_AES_256_GCM_SHA384 (0x00a5)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (0x00a3)
                Cipher Suite: TLS_DH_RSA_WITH_AES_256_GCM_SHA384 (0x00a1)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)
                Cipher Suite: TLS_DH_RSA_WITH_AES_256_CBC_SHA256 (0x0069)
                Cipher Suite: TLS_DH_DSS_WITH_AES_256_CBC_SHA256 (0x0068)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
                Cipher Suite: TLS_DH_RSA_WITH_AES_256_CBC_SHA (0x0037)
                Cipher Suite: TLS_DH_DSS_WITH_AES_256_CBC_SHA (0x0036)
                Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088)
                Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087)
                Cipher Suite: TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0086)
                Cipher Suite: TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0085)
                Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 (0xc032)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02e)
                Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 (0xc02a)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 (0xc026)
                Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
                Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
                Cipher Suite: TLS_DH_DSS_WITH_AES_128_GCM_SHA256 (0x00a4)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
                Cipher Suite: TLS_DH_RSA_WITH_AES_128_GCM_SHA256 (0x00a0)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
                Cipher Suite: TLS_DH_RSA_WITH_AES_128_CBC_SHA256 (0x003f)
                Cipher Suite: TLS_DH_DSS_WITH_AES_128_CBC_SHA256 (0x003e)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
                Cipher Suite: TLS_DH_RSA_WITH_AES_128_CBC_SHA (0x0031)
                Cipher Suite: TLS_DH_DSS_WITH_AES_128_CBC_SHA (0x0030)
                Cipher Suite: TLS_DHE_RSA_WITH_SEED_CBC_SHA (0x009a)
                Cipher Suite: TLS_DHE_DSS_WITH_SEED_CBC_SHA (0x0099)
                Cipher Suite: TLS_DH_RSA_WITH_SEED_CBC_SHA (0x0098)
                Cipher Suite: TLS_DH_DSS_WITH_SEED_CBC_SHA (0x0097)
                Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045)
                Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044)
                Cipher Suite: TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0043)
                Cipher Suite: TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0042)
                Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02d)
                Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025)
                Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
                Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                Cipher Suite: TLS_RSA_WITH_SEED_CBC_SHA (0x0096)
                Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)
                Cipher Suite: TLS_RSA_WITH_IDEA_CBC_SHA (0x0007)
                Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)
                Cipher Suite: TLS_ECDH_RSA_WITH_RC4_128_SHA (0xc00c)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA (0xc002)
                Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
                Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
                Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
                Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
                Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
                Cipher Suite: TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA (0x0010)
                Cipher Suite: TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA (0x000d)
                Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)
                Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
                Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
            Compression Methods Length: 1
            Compression Methods (1 method)
            Extensions Length: 132
            Extension: server_name (len=43)
                Type: server_name (0)
                Length: 43
                Server Name Indication extension
                    Server Name list length: 41
                    Server Name Type: host_name (0)
                    Server Name length: 38
                    Server Name:
            Extension: ec_point_formats (len=4)
                Type: ec_point_formats (11)
                Length: 4
                EC point formats Length: 3
                Elliptic curves point formats (3)
            Extension: supported_groups (len=28)
                Type: supported_groups (10)
                Length: 28
                Supported Groups List Length: 26
                Supported Groups (13 groups)
            Extension: session_ticket (len=0)
                Type: session_ticket (35)
                Length: 0
                Data (0 bytes)
            Extension: signature_algorithms (len=32)
                Type: signature_algorithms (13)
                Length: 32
                Signature Hash Algorithms Length: 30
                Signature Hash Algorithms (15 algorithms)
            Extension: heartbeat (len=1)
                Type: heartbeat (15)
                Length: 1
                Mode: Peer allowed to send requests (1)

Server Alert:

Frame 35: 61 bytes on wire (488 bits), 61 bytes captured (488 bits) on interface \Device\NPF_{9550F48B-2214-4F4F-A11F-226D78FC5664}, id 0
Ethernet II, Src: 12:02:71:8d:cb:7f (12:02:71:8d:cb:7f), Dst: IntelCor_e7:56:df (48:89:e7:e7:56:df)
Internet Protocol Version 4, Src:, Dst:
Transmission Control Protocol, Src Port: 42280, Dst Port: 60614, Seq: 1, Ack: 355, Len: 7
Transport Layer Security
    TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Internal Error)
        Content Type: Alert (21)
        Version: TLS 1.2 (0x0303)
        Length: 2
        Alert Message
            Level: Fatal (2)
            Description: Internal Error (80)

5. What I already tried:

Tried to downgrade TLS version assuming it was an issue with TLS versions.
Debugged the connection using wireshark.
Change the host port to match the caddy https port.
Works when not using a non-standard (443) port.
Works in Browsers/command line.
Tried to review the source code related to the SNI but it seems too complicated to follow.

6. Links to relevant resources:

I always suspect firewalls first, so make sure your network configuration is absolutely correct.

Correct, this is a bug in the client. RFC 6066 says:

the only server names supported are DNS hostnames

Enable debug mode in your Caddy config (see the global options, it’s called debug) and you will get more detailed logs.