Tls: client offered only unsupported versions: [301]

1. My Caddy version (caddy version):

v2.0.0-rc.3 docker caddy:alpine

2. How I run Caddy:

docker run -d --name dev_caddy -p 80:80 -p 443:443 -p 2019:2019 -v $PWD/Caddyfile:/etc/caddy/Caddyfile -v dev_caddy:/data caddy:alpine

a. System environment:

Centos 7
Docker version 19.03.6, build 369ce74a3c

d. My complete Caddyfile or JSON config: {
reverse_proxy {
to https://redserver.chuk.domain.local
transport http {
} {
reverse_proxy {
to https://148.xx.xx.xx
transport http {
reverse_proxy {
transport http {

3. The problem I’m having: is not accessible:
" This site can’t provide a secure connection"

4. Error messages and/or full log output:

http: TLS handshake error from 95.xx.xx.28:50955: tls: client offered only unsupported versions: [301]
http: TLS handshake error from 95.xx.xx.28:50956: EOF

5. What I already tried:

I tried:
tls {protocols tls1.0}, but “tls1.0” is unsupported directive

Site use self-signed certificate and work without caddy (in intranet).
WAC - is a latest Windows Admin Center (server 2019) with ntlm auth
$ echo | openssl s_client -connect -tls1_2 2>&1 | grep Protocol
Protocol : TLSv1.2
I use Microsoft Edge or Google Chrome

Hi @thdonatello, welcome to the Caddy community.

Per the v2 tls directive docs: tls (Caddyfile directive) — Caddy Documentation

The correct usage should be: {
  tls {
    protocols tls1.0

Edit: I’m informed Caddy v2 does not support TLS 1.0 at all, so the above will not work.

(See: caddy/values.go at d322de6b429e9f0bc589880b53373975dabcb997 · caddyserver/caddy · GitHub)

The error you’re getting:

indicates you may have put the directive in the wrong place. The tls directive must be within a site configuration block.

Ok! And how do I make this work with caddy?
It works well without caddy.

Upgrade your client to use modern, secure TLS protocols.

oh! Sorry, caddy did not receive a certificate LE :frowning:
Thank you!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.