False positives from ssl-ccs-injection.nse #1322

Closed
hoodoer opened this issue Sep 11, 2018 · 2 comments

Comments

@hoodoer

hoodoer commented Sep 11, 2018

Recently I was getting false positives from the ssl-ccs-injection.nse script. The Tripwire script and Metasploit module pointed at the same servers did not report the vulnerability like the NSE script did; further investigation determined the NSE script was throwing false positives.

Nmap version 7.70SVN, latest on Kali repos.

I'm afraid I can't share my client's server info that this was happening on. Anyone else seen this behavior?

@dmiller-nmap

There's not a lot of information to go on here. Could you provide output with -d2 added so that we can see what the script is returning and what it claims it is seeing?

My guess is that it's some implementation of TLS that returns a different fatal alert than "unexpected_message" when it receives the out-of-order ChangeCipherSpec message. I'm going to try improving the script to bail out early (non-vulnerable) if any fatal error is received upon sending the first CCS message, and only send the second one to be sure. I'll also dig through the history on this one: none of the other check scripts out there send more than one CCS message.
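
The two decision rules discussed in this comment, as an added example (not code from Nmap or from ssl-ccs-injection.nse): the "old" rule is inferred from the debug line "Vulnerable - alert is not UNEXPECTED_MESSAGE" in the reporter's output, and the "proposed" rule is the early bail-out described above (any fatal alert after the first CCS ends the check as not vulnerable; only a silent or still-talking server gets the second CCS, and only then does the old comparison apply). The record parser, the function names and the sample alert records are all this example's own constructions; nothing here talks to a network. A cleartext TLS alert record is a 5-byte header plus a 2-byte body, which is exactly the 7-byte read visible in the debug output below, so a stack that answers the first CCS with, say, fatal handshake_failure instead of fatal unexpected_message trips the old rule but not the proposed one.

```python
"""Triage of a server's reply to an out-of-order ChangeCipherSpec (CCS).

Added example, not Nmap's ssl-ccs-injection.nse. The 'old' rule mirrors the
debug line 'Vulnerable - alert is not UNEXPECTED_MESSAGE'; the 'proposed' rule
is the early bail-out sketched in the issue (assumption: after a non-fatal
first reply the old comparison is still applied to the second reply).
All sample records are constructed for this example.
"""
import struct

CONTENT_TYPE_ALERT = 21
ALERT_LEVEL_WARNING = 1
ALERT_LEVEL_FATAL = 2

# AlertDescription values from RFC 5246 section 7.2 (subset).
ALERT_DESCRIPTIONS = {
    0: "close_notify",
    10: "unexpected_message",
    20: "bad_record_mac",
    40: "handshake_failure",
    50: "decode_error",
    51: "decrypt_error",
    70: "protocol_version",
    80: "internal_error",
}


def parse_record(data: bytes):
    """Split one TLS record into (content_type, (major, minor), payload).

    Raises ValueError on a truncated record rather than guessing.
    """
    if len(data) < 5:
        raise ValueError("TLS record header needs 5 bytes, got %d" % len(data))
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    payload = data[5:5 + length]
    if len(payload) != length:
        raise ValueError("record truncated: header says %d, have %d" % (length, len(payload)))
    return ctype, (major, minor), payload


def parse_alert(data: bytes):
    """Return (level_name, description_name) for a cleartext alert, else None.

    An empty reply (server stayed silent) and a non-alert record both yield None.
    A 2-byte alert body means the alert was sent in the clear.
    """
    if not data:
        return None
    ctype, _version, payload = parse_record(data)
    if ctype != CONTENT_TYPE_ALERT or len(payload) != 2:
        return None
    level = {ALERT_LEVEL_WARNING: "warning", ALERT_LEVEL_FATAL: "fatal"}.get(
        payload[0], "level(%d)" % payload[0])
    desc = ALERT_DESCRIPTIONS.get(payload[1], "description(%d)" % payload[1])
    return level, desc


def alert_record(level: int, description: int, version=(3, 2)) -> bytes:
    """Build a constructed cleartext TLS alert record (TLSv1.1 by default)."""
    header = struct.pack("!BBBH", CONTENT_TYPE_ALERT, version[0], version[1], 2)
    return header + bytes([level, description])


def old_rule(reply: bytes) -> str:
    """Old comparison: only an unexpected_message alert clears the host."""
    alert = parse_alert(reply)
    if alert is not None and alert[1] == "unexpected_message":
        return "not_vulnerable"
    return "vulnerable"


def proposed_rule(replies) -> str:
    """Proposed flow: replies[0] follows the first CCS, replies[1] the second.

    Any fatal alert after the first CCS means the stack rejected the
    out-of-order CCS, whatever description it chose, so stop there.
    """
    first = parse_alert(replies[0])
    if first is not None and first[0] == "fatal":
        return "not_vulnerable"
    if len(replies) < 2:
        return "send_second_ccs"   # caller must send the second CCS and read again
    return old_rule(replies[1])


if __name__ == "__main__":
    samples = {
        "fatal handshake_failure": alert_record(ALERT_LEVEL_FATAL, 40),
        "fatal unexpected_message": alert_record(ALERT_LEVEL_FATAL, 10),
    }
    for name, reply in samples.items():
        print("%s: old=%s proposed=%s" % (name, old_rule(reply), proposed_rule([reply])))
```

Run stand-alone, the handshake_failure sample prints old=vulnerable (the false-positive path) and proposed=not_vulnerable, while the canonical unexpected_message sample is not_vulnerable under both rules.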

@hoodoer
Author

hoodoer commented Sep 11, 2018

Sorry, I should have snagged this output before. Here are the debug messages. I confirmed with the Metasploit modules just now that the same IP isn't listed as vulnerable.

nmap -sT -p 443 --script ssl-ccs-injection -d2 IPADDY
Starting Nmap 7.70SVN ( https://nmap.org ) at 2018-09-11 16:31 EDT
Fetchfile found /usr/local/bin/../share/nmap/nmap-services
Fetchfile found /usr/local/bin/../share/nmap/nmap.xsl
The max # of sockets we are using is: 0
--------------- Timing report ---------------
hostgroups: min 1, max 100000
rtt-timeouts: init 1000, min 100, max 10000
max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
parallelism: min 0, max 0
max-retries: 10, host-timeout: 0
min-rate: 0, max-rate: 0

NSE: Using Lua 5.3.
Fetchfile found /usr/local/bin/../share/nmap/nse_main.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/lpeg-utility.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/stdnse.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/strict.lua
Fetchfile found /usr/local/bin/../share/nmap/scripts/script.db
NSE: Arguments from CLI:
Fetchfile found /usr/local/bin/../share/nmap/scripts/ssl-ccs-injection.nse
NSE: Script ssl-ccs-injection.nse was selected by name.
Fetchfile found /usr/local/bin/../share/nmap/nselib/shortport.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/sslcert.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/asn1.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/unittest.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/nsedebug.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/listop.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/bin.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/comm.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/ftp.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/ipOps.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/ldap.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/match.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/mssql.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/bit.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/smb.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/netbios.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/dns.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/base32.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/smbauth.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/unicode.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/smb2.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/strbuf.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/smtp.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/base64.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/sasl.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/tls.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/vnc.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/bits.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/xmpp.lua
Fetchfile found /usr/local/bin/../share/nmap/nselib/vulns.lua
NSE: Loaded 1 scripts for scanning.
NSE: Loaded '/usr/local/bin/../share/nmap/scripts/ssl-ccs-injection.nse'.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 16:31
Completed NSE at 16:31, 0.00s elapsed
Fetchfile found /usr/local/bin/../share/nmap/nmap-payloads
Initiating Ping Scan at 16:31
Scanning IPADDY[4 ports]
Packet capture filter (device tun0): dst host IPADDY and (icmp or icmp6 or ((tcp or udp or sctp) and (src host IPADDY)))
We got a TCP ping packet back from IPADDY port 443 (trynum = 0)
ultrascan_host_probe_update called for machine IPADDY state UNKNOWN -> HOST_UP (trynum 0 time: 177000)
Changing ping technique for IPADDY to tcp to port 443; flags: S
Changing global ping host to IPADDY.
Completed Ping Scan at 16:31, 0.23s elapsed (1 total hosts)
Overall sending rates: 17.52 packets / s, 665.89 bytes / s.
mass_rdns: Using DNS server IPADDY
NSOCK INFO [0.7240s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [0.7240s] nsock_connect_udp(): UDP connection requested to IPADDY:53 (IOD #1) EID 8
NSOCK INFO [0.7240s] nsock_read(): Read request from IOD #1 [IPADDY:53] (timeout: -1ms) EID 18
Initiating Parallel DNS resolution of 1 host. at 16:31
NSOCK INFO [0.7240s] nsock_write(): Write request for 43 bytes to IOD #1 EID 27 [IPADDY:53]
NSOCK INFO [0.7240s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [IPADDY:53]
NSOCK INFO [0.7240s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 27 [IPADDY:53]
NSOCK INFO [1.7760s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [IPADDY:53] (115 bytes)
NSOCK INFO [1.7760s] nsock_read(): Read request from IOD #1 [IPADDY:53] (timeout: -1ms) EID 34
NSOCK INFO [1.7760s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [1.7760s] nevent_delete(): nevent_delete on event #34 (type READ)
mass_rdns: 1.05s 0/1 [#: 1, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1]
Completed Parallel DNS resolution of 1 host. at 16:31, 1.05s elapsed
DNS resolution of 1 IPs took 1.05s. Mode: Async [#: 1, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating Connect Scan at 16:31
IPADDY pingprobe type TCP is inappropriate for this scan type; resetting.
Scanning IPADDY [1 port]
Discovered open port 443/tcp on IPADDY
Changing ping technique for IPADDY to connect to port 443
Changing global ping host to IPADDY.
Completed Connect Scan at 16:31, 0.04s elapsed (1 total ports)
Overall sending rates: 28.45 packets / s.
NSE: Script scanning IPADDY.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 16:31
NSE: Starting ssl-ccs-injection M:55d0aeef6768 against IPADDY:443.
NSOCK INFO [1.7760s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [1.8120s] nsock_connect_tcp(): TCP connection requested to IPADDY:443 (IOD #1) EID 8
NSOCK INFO [1.8440s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [IPADDY:443]
NSOCK INFO [1.8440s] nsock_write(): Write request for 818 bytes to IOD #1 EID 19 [IPADDY:443]
NSOCK INFO [1.8450s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 19 [IPADDY:443]
NSOCK INFO [1.8450s] nsock_readbytes(): Read request for 5 bytes from IOD #1 [IPADDY:443] EID 26
NSOCK INFO [1.8770s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 26 [IPADDY:443] (1340 bytes)
NSOCK INFO [1.8770s] nsock_readbytes(): Read request for 3576 bytes from IOD #1 [IPADDY:443] EID 34
NSOCK INFO [1.9100s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 34 [IPADDY:443] (4115 bytes)
NSE: [ssl-ccs-injection M:55d0aeef6768 IPADDY:443] Unknown handshake message type: server_key_exchange
NSE: [ssl-ccs-injection M:55d0aeef6768 IPADDY:443] Unknown handshake message type: server_hello_done
NSE: [ssl-ccs-injection M:55d0aeef6768 IPADDY:443] Handshake completed (TLSv1.1)
NSOCK INFO [1.9110s] nsock_write(): Write request for 6 bytes to IOD #1 EID 43 [IPADDY:443]
NSOCK INFO [1.9110s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 43 [IPADDY:443]
NSOCK INFO [1.9110s] nsock_write(): Write request for 6 bytes to IOD #1 EID 51 [IPADDY:443]
NSOCK INFO [1.9110s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 51 [IPADDY:443]
NSOCK INFO [1.9110s] nsock_readbytes(): Read request for 5 bytes from IOD #1 [IPADDY:443] EID 58
NSOCK INFO [1.9400s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 58 [IPADDY:443] (7 bytes): ......(
NSE: [ssl-ccs-injection M:55d0aeef6768 IPADDY:443] Vulnerable - alert is not UNEXPECTED_MESSAGE
NSOCK INFO [1.9400s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSE: Finished ssl-ccs-injection M:55d0aeef6768 against IPADDY:443.
Completed NSE at 16:31, 0.13s elapsed
Nmap scan report for IPADDY
Host is up, received syn-ack ttl 247 (0.070s latency).
Scanned at 2018-09-11 16:31:07 EDT for 1s

PORT    STATE SERVICE REASON
443/tcp open  https   syn-ack
| ssl-ccs-injection:
|   VULNERABLE:
|   SSL/TLS MITM vulnerability (CCS Injection)
|     State: VULNERABLE
|     Risk factor: High
|       OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h
|       does not properly restrict processing of ChangeCipherSpec messages,
|       which allows man-in-the-middle attackers to trigger use of a zero
|       length master key in certain OpenSSL-to-OpenSSL communications, and
|       consequently hijack sessions or obtain sensitive information, via
|       a crafted TLS handshake, aka the "CCS Injection" vulnerability.
|
|     References:
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
|       http://www.cvedetails.com/cve/2014-0224
|_      http://www.openssl.org/news/secadv_20140605.txt
Final times for host: srtt: 69891 rttvar: 66102 to: 334299

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 16:31
Completed NSE at 16:31, 0.00s elapsed
Read from /usr/local/bin/../share/nmap: nmap-payloads nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 1.94 seconds
Raw packets sent: 4 (152B) | Rcvd: 1 (44B)
