Yo Hal! On Thu, 13 Jun 2019 13:30:04 -0700 Hal Murray <hmur...@megapathdsl.net> wrote:
> > I think the other end is on TLS 1.3 only, but my end only supports
> > TLS 1.2
>
> Well, if that's the setup, it's not going to work. It should be
> possible to setup a test case.
>
> We might be able to produce a better error message. What was the
> surrounding log info?
> (That stuff has fallen out of my cache.)
Here is the whole thing:
2019-06-13T13:26:16 ntpd[6106]: DNS: dns_probe: time.cloudflare.com:1234, cast_f
lags:1, flags:21801
2019-06-13T13:26:16 ntpd[6106]: NTSc: DNS lookup of time.cloudflare.com:1234 too
k 0.085 sec
2019-06-13T13:26:16 ntpd[6106]: NTSc: nts_probe connecting to
time.cloudflare.com:1234 => [2606:4700:f1::1]:123
2019-06-13T13:26:16 ntpd[6106]: NTSc: set cert host: time.cloudflare.com
2019-06-13T13:26:16 ntpd[6106]: NTSc: SSL_connect failed
2019-06-13T13:26:16 ntpd[6106]: NTS: error:1409442E:SSL
routines:ssl3_read_bytes:tlsv1 alert protocol version
2019-06-13T13:26:16 ntpd[6106]: NTSc: NTS-KE req to time.cloudflare.com:1234
took 0.116 sec, fail
2019-06-13T13:26:16 ntpd[6106]: DNS: dns_check: processing
time.cloudflare.com:1234, 1, 21801
2019-06-13T13:26:16 ntpd[6106]: DNS: dns_take_status:
time.cloudflare.com:1234=>error, 12
I'm inclined to ignore TLS 1.3 until the openssl 1.1.1 bugs are worked out.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
pgpMtUxyRN60_.pgp
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
