NTS and TLS
Gary E. Miller
gem at rellim.com
Thu Jun 13 20:38:08 UTC 2019
Yo Hal!
On Thu, 13 Jun 2019 13:30:04 -0700
Hal Murray <hmurray at megapathdsl.net> wrote:
> > I think the other end is on TLS 1.3 only, but my end only supports
> > TLS 1.2
>
> Well, if that's the setup, it's not going to work. It should be
> possible to setup a test case.
>
> We might be able to produce a better error message. What was the
> surrounding log info?
> (That stuff has fallen out of my cache.)
Here is the whole thing:
2019-06-13T13:26:16 ntpd[6106]: DNS: dns_probe: time.cloudflare.com:1234, cast_f
lags:1, flags:21801
2019-06-13T13:26:16 ntpd[6106]: NTSc: DNS lookup of time.cloudflare.com:1234 too
k 0.085 sec
2019-06-13T13:26:16 ntpd[6106]: NTSc: nts_probe connecting to time.cloudflare.com:1234 => [2606:4700:f1::1]:123
2019-06-13T13:26:16 ntpd[6106]: NTSc: set cert host: time.cloudflare.com
2019-06-13T13:26:16 ntpd[6106]: NTSc: SSL_connect failed
2019-06-13T13:26:16 ntpd[6106]: NTS: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
2019-06-13T13:26:16 ntpd[6106]: NTSc: NTS-KE req to time.cloudflare.com:1234 took 0.116 sec, fail
2019-06-13T13:26:16 ntpd[6106]: DNS: dns_check: processing time.cloudflare.com:1234, 1, 21801
2019-06-13T13:26:16 ntpd[6106]: DNS: dns_take_status: time.cloudflare.com:1234=>error, 12
I'm inclined to ignore TLS 1.3 until the openssl 1.1.1 bugs are worked out.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190613/865a9d14/attachment.bin>
More information about the devel
mailing list