Hi,

This totally hosed all of my systems!!

I think relying on the internal "server_random" member of the ssl data 
structure is error prone and to me it's not unexpected that a server would 
randomize the timestamp part of their random ssl seed. The erroneous code is 
in "src/tlsdate-helper.c" line 1207.

My suggestion is that instead of changing the default server, instead default 
to using the HTTP Date header. This header is intended to contain the current 
time.

I achieved this by changing the DAEMON_OPTS in /etc/default/tlsdated

    DAEMON_OPTS="-- /usr/bin/tlsdate -w"

You also have to change how DAEMON_ARGS is set in /etc/init.d/tlsdated. Add 
this line after the line that sourced /etc/default/tlsdated:

    [ -r /etc/default/$NAME ] && . /etc/default/$NAME
    DAEMON_ARGS="-f /etc/tlsdate/tlsdated.conf $DAEMON_OPTS"

Thanks,
Rian
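
Added example, not part of the original message and not tlsdate's own code: it contrasts the two time sources discussed above, the first four bytes of the TLS `server_random` (big-endian seconds since the epoch in TLS 1.2 and earlier) and the HTTP Date header, and bounds either one before it would be trusted. The function names, sample bytes and trust window are constructed for illustration.

```c
#define _GNU_SOURCE /* strptime() and timegm() on glibc */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Constructed samples: the first carries a real timestamp in its first four
 * bytes, the second has them randomized (remaining bytes left zero here). */
static const unsigned char SAMPLE_TIMESTAMPED[32] = { 0x2e, 0xc8, 0x6d, 0x6f };
static const unsigned char SAMPLE_RANDOMIZED[32]  = { 0xd3, 0x1f, 0x88, 0x04 };
static const char SAMPLE_HTTP_DATE[] = "Tue, 15 Nov 1994 08:12:31 GMT";

/* Read the first four bytes of server_random as big-endian epoch seconds. */
int64_t server_random_time(const unsigned char random[32])
{
    return ((int64_t)random[0] << 24) | ((int64_t)random[1] << 16) |
           ((int64_t)random[2] << 8)  |  (int64_t)random[3];
}

/* Parse an HTTP Date header value (IMF-fixdate form); returns -1 on failure. */
int64_t http_date_time(const char *value)
{
    struct tm tm;
    memset(&tm, 0, sizeof tm);
    const char *end = strptime(value, "%a, %d %b %Y %H:%M:%S GMT", &tm);
    if (end == NULL || *end != '\0')
        return -1;               /* malformed or trailing garbage */
    return (int64_t)timegm(&tm); /* interpret the fields as UTC */
}

/* Accept a candidate only inside a window the caller already trusts, so a
 * randomized server_random cannot move the clock by decades. */
int time_is_plausible(int64_t candidate, int64_t not_before, int64_t not_after)
{
    return candidate >= not_before && candidate <= not_after;
}

int main(void)
{
    const int64_t lo = 780000000, hi = 790000000; /* constructed trust window */
    int64_t a = server_random_time(SAMPLE_TIMESTAMPED);
    int64_t b = server_random_time(SAMPLE_RANDOMIZED);
    int64_t h = http_date_time(SAMPLE_HTTP_DATE);
    printf("timestamped random: %lld plausible=%d\n", (long long)a, time_is_plausible(a, lo, hi));
    printf("randomized random:  %lld plausible=%d\n", (long long)b, time_is_plausible(b, lo, hi));
    printf("HTTP Date header:   %lld plausible=%d\n", (long long)h, time_is_plausible(h, lo, hi));
    return 0;
}
```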

