Yo Hal! On Thu, 13 Jun 2019 13:30:04 -0700 Hal Murray <hmur...@megapathdsl.net> wrote:
> > I think the other end is on TLS 1.3 only, but my end only supports > > TLS 1.2 > > Well, if that's the setup, it's not going to work. It should be > possible to setup a test case. > > We might be able to produce a better error message. What was the > surrounding log info? > (That stuff has fallen out of my cache.) Here is the whole thing: 2019-06-13T13:26:16 ntpd[6106]: DNS: dns_probe: time.cloudflare.com:1234, cast_f lags:1, flags:21801 2019-06-13T13:26:16 ntpd[6106]: NTSc: DNS lookup of time.cloudflare.com:1234 too k 0.085 sec 2019-06-13T13:26:16 ntpd[6106]: NTSc: nts_probe connecting to time.cloudflare.com:1234 => [2606:4700:f1::1]:123 2019-06-13T13:26:16 ntpd[6106]: NTSc: set cert host: time.cloudflare.com 2019-06-13T13:26:16 ntpd[6106]: NTSc: SSL_connect failed 2019-06-13T13:26:16 ntpd[6106]: NTS: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version 2019-06-13T13:26:16 ntpd[6106]: NTSc: NTS-KE req to time.cloudflare.com:1234 took 0.116 sec, fail 2019-06-13T13:26:16 ntpd[6106]: DNS: dns_check: processing time.cloudflare.com:1234, 1, 21801 2019-06-13T13:26:16 ntpd[6106]: DNS: dns_take_status: time.cloudflare.com:1234=>error, 12 I'm inclined to ignore TLS 1.3 until the openssl 1.1.1 bugs are worked out. RGDS GARY --------------------------------------------------------------------------- Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703 g...@rellim.com Tel:+1 541 382 8588 Veritas liberabit vos. -- Quid est veritas? "If you can’t measure it, you can’t improve it." - Lord Kelvin
pgpMtUxyRN60_.pgp
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel