[Git][NTPsec/ntpsec][master] Doc update - address bug #434
Matt Selsky
gitlab at mg.gitlab.com
Sun Dec 31 20:37:30 UTC 2017
Matt Selsky pushed to branch master at NTPsec / ntpsec
Commits:
8d2d9ab0 by James Browning at 2017-12-31T11:29:31-08:00
Doc update - address bug #434
update for OpenSSL now required to build
- - - - -
3 changed files:
- docs/authentic.txt
- docs/includes/ntpq-body.txt
- docs/ntpkeygen.txt
Changes:
=====================================
docs/authentic.txt
=====================================
--- a/docs/authentic.txt
+++ b/docs/authentic.txt
@@ -147,23 +147,15 @@ The NTP standards include symmetric (private-key) authentication using
the RSA Message Digest 5 (MD5) algorithm, commonly called
keyed-MD5. This algorithm computes a message digest or one-way hash
which can be used to verify the client has the same message digest as
-the server. The MD5 message digest algorithm is included in the
-distribution, so without further cryptographic support, the
-distribution can be freely exported.
+the server.
-If the OpenSSL cryptographic library is installed prior to building the
-distribution, all message digest algorithms included in the library may
+All message digest algorithms included in the OpenSSL library may
be used, including MD5 and SHA1. However, if conformance to FIPS 140-2
-is required, only a limited subset of these algorithms can be used. This
-library is available from http://www.openssl.org and can be installed
-using the procedures outlined in the link:build.html[Building and
-Installing the Distribution] page. Once installed, the configure and
-build process automatically detects the library and links the library
-routines required.
+is required, only a limited subset of these algorithms can be used.
Note that according to US law, NTP binaries including OpenSSL library
components, including the OpenSSL library itself, cannot be exported
-outside the US without license from the US Department of Commerce.
+outside the US without a license from the US Department of Commerce.
(However, these restrictions have been considerably relaxed since 1996.)
Builders outside the US are advised to obtain the OpenSSL library
directly from OpenSSL, which is outside the US, and build outside the
=====================================
docs/includes/ntpq-body.txt
=====================================
--- a/docs/includes/ntpq-body.txt
+++ b/docs/includes/ntpq-body.txt
@@ -173,8 +173,8 @@ following.
+keytype+::
Specify the digest algorithm to use for authenticated requests, with
- default +MD5+. If the OpenSSL library is installed, digest can be
- any message digest algorithm supported by the library. The current
+ default +MD5+. The digest can be
+ any message digest algorithm supported by the OpenSSL library. The current
selections are: +MD2+, +MD4+, +MD5+, +MDC2+, +RIPEMD160+ and +SHA1+.
+ntpversion 1 | 2 | 3 | 4+::
=====================================
docs/ntpkeygen.txt
=====================================
--- a/docs/ntpkeygen.txt
+++ b/docs/ntpkeygen.txt
@@ -40,10 +40,8 @@ Figure 1 shows a typical symmetric keys file used by the reference
implementation. Each line of the file contains three fields, first an
integer between 1 and 65534, inclusive, representing the key identifier
used in the `server` and `peer` configuration commands. Next is the key
-type for the message digest algorithm, which in the absence of the
-OpenSSL library must be `MD5` to designate the MD5 message digest
-algorithm. If the OpenSSL library is installed, the key type can be any
-message digest algorithm supported by that library. However, if
+type for the message digest algorithm, which can be any
+message digest algorithm supported by the OpenSSL library. However, if
compatibility with FIPS 140-2 is required, the key type must be
`SHA1`. The key type can be changed using an ASCII text editor.
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/8d2d9ab04a6311e6918d86f8313131c6c1328c6e
---
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/8d2d9ab04a6311e6918d86f8313131c6c1328c6e
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20171231/78f8fb4c/attachment.html>
More information about the vc
mailing list