Comments (5)
The http2 library is very specific about what cipher suites are allowed.
https://github.com/bradfitz/http2/blob/b6255645465a25b25f804acb9b3a54009e80c2a4/server.go#L228-L302
If you are getting this error on a large network I would wonder about some sort of MITM device. An IDS or IPS that is trying to force its requirements on the connection.
Out of curiosity, if you change the ssl port to a non default port (22443) and try to connect, what happens?
Jared
from caddy.
As soon as I can try, I will let you know, because that's a good idea. I know for a fact that the campus is using an SSL proxy (grrr but oh well). And thanks for the link, I hadn't noticed that before. And I would think immediately that must be it, except that I can load https://http2.golang.org just fine on campus. Wonder if it has something to do with SNI...
from caddy.
I'm going to close this for now. I think it's out of our control which ciphers the clients/MITM support. And I haven't heard anyone else have the same problem.
from caddy.
I ran into this error tonight while trying to add a new virtual host in my Caddyfile
2017/12/08 04:56:24 [ERROR] Maintaining newly-loaded certificate for EXAMPLE.COM get directory at 'https://acme-v01.api.letsencrypt.org/directory': failed to get json "https://acme-v01.api.letsencrypt.org/directory": Get https://acme-v01.api.letsencrypt.org/directory: x509: failed to load system roots and no roots provided
2017/12/08 04:56:24 http: TLS handshake error from IP-ADDRESS:57270: tls: no cipher suite supported by both client and server
I run caddy in a docker container (alpine base image). I was able to correct the problem like this:
docker exec -it --user root THE-CONTAINER-ID sh
apk add ca-certificates
exit
docker restart THE-CONTAINER-ID
I think that the root certificates baked into my docker image are out of date. The final message about no cipher suite seems misleading. The error immediately before it about roots is what made me think to update the ca-certificates.
from caddy.
Yeah, I think it's generally accepted that you need to install ca-certificates or something that requires it if you need to do any networking with HTTPS from inside a container. For example, see https://github.com/abiosoft/caddy-docker/blob/master/Dockerfile (probably the most popular Caddy docker image), which installs git, which has a dependency of libcurl, which has a dependency of ca-certificates. (see here: https://pkgs.alpinelinux.org/package/v3.6/main/x86_64/git)
from caddy.
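The "x509: failed to load system roots and no roots provided" error discussed in the last two comments can be checked for directly. The following is an added example, not part of the original thread or of Caddy: a POSIX sh check for a CA bundle at the file locations Go's crypto/x509 tries on Linux. The function names are hypothetical, and the path list is taken from the Go standard library; certificate directories and the SSL_CERT_FILE / SSL_CERT_DIR overrides are not covered.

```shell
#!/bin/sh
# Added example: does this filesystem tree contain a CA bundle where a Go
# binary (such as Caddy) would look for system roots on Linux?

# Bundle files Go's crypto/x509 tries on Linux, relative to the root.
CA_BUNDLE_PATHS="
etc/ssl/certs/ca-certificates.crt
etc/pki/tls/certs/ca-bundle.crt
etc/ssl/ca-bundle.pem
etc/pki/tls/cacert.pem
etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
etc/ssl/cert.pem
"

# find_ca_bundle ROOT
# Prints the first non-empty bundle that holds at least one PEM certificate
# and returns 0; returns 1 when none of the candidate files is usable.
find_ca_bundle() {
    root="${1:-/}"
    for rel in $CA_BUNDLE_PATHS; do
        f="${root%/}/$rel"
        if [ -s "$f" ] && grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then
            echo "$f"
            return 0
        fi
    done
    return 1
}

# count_certs FILE
# Prints the number of PEM certificates in a bundle file.
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1"
}

# check_roots ROOT
# Prints a one-line verdict; returns 1 when no bundle is found.
check_roots() {
    if bundle=$(find_ca_bundle "$1"); then
        echo "ok: $bundle ($(count_certs "$bundle") certificates)"
    else
        echo "missing: no CA bundle under ${1:-/}; install ca-certificates"
        return 1
    fi
}
```

Inside the container, source the file and run `check_roots /`. Packages added with `docker exec` are lost when the container is recreated from its image, so the check is worth repeating after a rebuild.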