ALPN checking

Hal Murray hmurray at megapathdsl.net
Sat Aug 24 20:46:47 UTC 2019


I just pushed the code for the NTS client to check the ALPN selection returned 
from the NTS server.

It logs one of 3 messages.  Here are samples of 2 of them:

24 Aug 13:18:38 ntpd[28519]: NTSc: No ALPN from spidey.rellim.com (TLSv1.2)
24 Aug 13:18:43 ntpd[28519]: NTSc: Good ALPN from: time.cloudflare.com:1234

The 3rd case is when it gets back something other than "ntske/1".
I haven't found a test case for that one yet.  If anybody still has a system 
still running our old/buggy code, please let me know the IP Address.

Note that many systems are still using old versions of OpenSSL which only 
support TLSv1.2 which doesn't support ALPN.


-- 
These are my opinions.  I hate spam.





More information about the devel mailing list