Yo Hal!

On Thu, 13 Jun 2019 13:30:04 -0700
Hal Murray <hmur...@megapathdsl.net> wrote:

> > I think the other end is on TLS 1.3 only, but my end only supports
> > TLS 1.2  
> 
> Well, if that's the setup, it's not going to work.  It should be
> possible to setup a test case.
> 
> We might be able to produce a better error message.  What was the
> surrounding log info?
> (That stuff has fallen out of my cache.)


Here is the whole thing:

2019-06-13T13:26:16 ntpd[6106]: DNS: dns_probe: time.cloudflare.com:1234, cast_f
lags:1, flags:21801
2019-06-13T13:26:16 ntpd[6106]: NTSc: DNS lookup of time.cloudflare.com:1234 too
k 0.085 sec
2019-06-13T13:26:16 ntpd[6106]: NTSc: nts_probe connecting to 
time.cloudflare.com:1234 => [2606:4700:f1::1]:123
2019-06-13T13:26:16 ntpd[6106]: NTSc: set cert host: time.cloudflare.com
2019-06-13T13:26:16 ntpd[6106]: NTSc: SSL_connect failed
2019-06-13T13:26:16 ntpd[6106]: NTS: error:1409442E:SSL 
routines:ssl3_read_bytes:tlsv1 alert protocol version
2019-06-13T13:26:16 ntpd[6106]: NTSc: NTS-KE req to time.cloudflare.com:1234 
took 0.116 sec, fail
2019-06-13T13:26:16 ntpd[6106]: DNS: dns_check: processing 
time.cloudflare.com:1234, 1, 21801
2019-06-13T13:26:16 ntpd[6106]: DNS: dns_take_status: 
time.cloudflare.com:1234=>error, 12


I'm inclined to ignore TLS 1.3 until the openssl 1.1.1 bugs are worked out.



RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
        g...@rellim.com  Tel:+1 541 382 8588

            Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin

Attachment: pgpMtUxyRN60_.pgp
Description: OpenPGP digital signature

_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel

Reply via email to