ALPN checking
Hal Murray
hmurray at megapathdsl.net
Sat Aug 24 20:46:47 UTC 2019
I just pushed the code for the NTS client to check the ALPN selection returned
from the NTS server.
It logs one of 3 messages. Here are samples of 2 of them:
24 Aug 13:18:38 ntpd[28519]: NTSc: No ALPN from spidey.rellim.com (TLSv1.2)
24 Aug 13:18:43 ntpd[28519]: NTSc: Good ALPN from: time.cloudflare.com:1234
The 3rd case is when it gets back something other than "ntske/1".
I haven't found a test case for that one yet. If anybody still has a system
still running our old/buggy code, please let me know the IP Address.
Note that many systems are still using old versions of OpenSSL which only
support TLSv1.2 which doesn't support ALPN.
--
These are my opinions. I hate spam.
More information about the devel
mailing list