> I also might have a local issue as I get:
> NTSc: certificate invalid: 20=>unable to get local issuer certificate
> (for the other servers mentioned at the howto page)
What OS/distro/version are you using?
Do you have the normal collection of root certificates installed? Are they up
to
On 10-12-2019 06:18, Udo van den Heuvel via devel wrote:
> Dec 10 05:52:57 s2 ntpd[984825]: NTSc: NTS-KE req to
> time.cloudflare.com:1234 took 0.070 sec, fail
I also might have a local issue as I get:
NTSc: certificate invalid: 20=>unable to get local issuer certificate
(for the other
On 10-12-2019 05:58, Hal Murray wrote:
> openssl s_client -showcerts -quiet time.cloudflare.com:1234
# openssl s_client -showcerts -quiet time.cloudflare.com:1234
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert
Global Root CA
verify return:1
depth=1 C = US, O = DigiCert
>> Also: NTSc: certificate invalid: 19=>self signed certificate in certificate
>> chain
> server time.cloudflare.com:1234 nts # TLS1.3 only
Weird. It works from here.
Is there anything interesting in?
openssl s_client -showcerts -quiet time.cloudflare.com:1234
I get:
depth=2 C = US, O =
On 10-12-2019 05:03, Hal Murray wrote:
>
>> Also: NTSc: certificate invalid: 19=>self signed certificate in certificate
>> chain
>
>> When I try nts as a client...
>
> Which host?
>
The first one in the howto:
Public NTP servers supporting NTS:
server time.cloudflare.com:1234 nts # TLS1.3
> Also: NTSc: certificate invalid: 19=>self signed certificate in certificate
> chain
> When I try nts as a client...
Which host?
--
These are my opinions. I hate spam.
___
devel mailing list
devel@ntpsec.org
On 09-12-2019 23:38, Paul Theodoropoulos via devel wrote:
> https://docs.ntpsec.org/latest/NTS-QuickStart.html
>
> If anyone has a contact over at cloudflare, you might ask them to
> correct this...
Also: NTSc: certificate invalid: 19=>self signed certificate in
certificate chain
When I try nts
I will do that, and re-read Quick-NTS (which was written early on).
--
Sanjeev Gupta
+65 98551208 http://www.linkedin.com/in/ghane
On Tue, Dec 10, 2019 at 7:22 AM Hal Murray via devel
wrote:
>
> > links to the NTPsec quickstart page -
> > https://docs.ntpsec.org/latest/quick.html
> >
https://www.ntpsec.org/contributor.html
links to hacking.txt (and mentions that inline), which is now hacking.adoc.
--
Richard
signature.asc
Description: OpenPGP digital signature
___
devel mailing list
devel@ntpsec.org
> links to the NTPsec quickstart page -
> https://docs.ntpsec.org/latest/quick.html
> which only discusses NTP, rather than NTS.
> The correct destination would be
> https://docs.ntpsec.org/latest/NTS-QuickStart.html
We should have links from each page to the other.
The NTS page should
I've forwarded your message to Watson Ladd.
On Mon, Dec 9, 2019, 17:38 Paul Theodoropoulos via devel
wrote:
> I just noticed that Cloudflare's documentation for NTS -
>
> https://developers.cloudflare.com/time-services/nts/usage/
>
> links to the NTPsec quickstart page -
>
>
Hal,
It looks like you broke building on macOS:
https://gitlab.com/NTPsec/ntpsec/commit/22c134c8b20e9a897fc5521df871606167067b2e
that links to the pipeline here:
https://gitlab.com/NTPsec/ntpsec/pipelines/101491292
which links to these failed jobs:
I just noticed that Cloudflare's documentation for NTS -
https://developers.cloudflare.com/time-services/nts/usage/
links to the NTPsec quickstart page -
https://docs.ntpsec.org/latest/quick.html
which only discusses NTP, rather than NTS.
The correct destination would be
On 12/9/19 2:56 AM, Hal Murray via devel wrote:
> Is there any reason to support anything older than TLS 1.2?
No. The NTS standard requires TLS 1.2 as a minimum (since NTS is a new
protocol, there is no need for backwards compatibility with old TLS).
--
Richard
signature.asc
Description:
On Mon, Dec 9, 2019, 11:35 AM Hal Murray via devel wrote:
>
> I haven't seen that mail recently.
>
I do not know. Quick bit of googling found
https://docs.gitlab.com/ee/user/project/integrations/emails_on_push.html
which might be related.
>
___
devel
I haven't seen that mail recently.
--
These are my opinions. I hate spam.
___
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
Hal Murray via devel writes:
> Anybody running on macOS? Solaris? (Open)SUSE?
My two desktop machines run openSUSE Tumbleweed (rolling distro of the
latest and greatest), so I never have that problem there. SUSE
enterprise Linux is a slightly different story, but not as long in the
tooth
Anybody running on a system with really really old version of OpenSSL?
The spec requires ALPN. OpenSSL added support for ALPN in release 1.0.2
I'd like to require 1.0.2 or newer but don't want to yank the rug out from
underneath anybody. Is anybody running in an environment with an older
dfoxfra...@gmail.com said:
> Nonsense. ALPN predates TLS 1.3 by several years and RFC 7301 doesn't even
> restrict it to TLS 1.2 and up; it even can support 1.0.
Thanks for the heads up. I haven't been able to recreate how I associated
ALPN with needing TLS 1.3.
ALPN was added to OpenSSL
19 matches
Mail list logo
