On Wed, Jul 25, 2018 at 02:30:19PM +0100, Stuart Henderson wrote:
> The problem is that if the clock is wrong, the server's certificate
> and/or OCSP stapling can't be validated (it either appears to have
> expired, or not be valid yet), so ntpd is unable to connect using https
> to check the time.
>
> Personally I am no fan of "constraints", I use local NTP servers and
> trust the relevant parts of the network more than the RTC and batteries
> on my machines, and don't really like sending potentially
> fingerprintable external packets showing that a machine has rebooted,
> so I usually disable it. Obviously opinions differ on this :-)

That makes sense. I very much agree. Disabling constraints now. Thank you.

Bryan
