secure parasitic rdate replacement
C Shell Ruby
Latest commit ae396da May 28, 2015 @ioerror bump to 0.0.13
Failed to load latest commit information.
ca-roots remove TÜRKTRUST from CA list post sub-ca mistakes Jan 7, 2013
dbus CHROMIUM: Initial work eventizing tlsdated Oct 30, 2013
etc Switch from www.ptb.de which is sending a randomised time to google.com. Apr 29, 2015
init continued merge issues: platform, debug, configs Sep 17, 2014
m4 Fix from Paul Wouters to build May 7, 2013
man Switch from www.ptb.de which is sending a randomised time to google.com. Apr 29, 2015
src Switch from www.ptb.de which is sending a randomised time to google.com. Apr 29, 2015
systemd Update systemd file Oct 25, 2014
tests continued merge overhaul Sep 18, 2014
.gitignore Update .gitignore to reflect ctags/vim usage Oct 30, 2013
.travis.yml Add libtool to .travis.yml Apr 19, 2013
AUTHORS add wad to AUTHORS Oct 22, 2014
CHANGELOG bump to 0.0.13 May 28, 2015
HACKING.md Lets integrate an image that shows build status Apr 19, 2013
HARDENING Add note on current state of affairs for Windows in HARDENING Apr 23, 2013
INSTALL add git-buildpackage to INSTALL Oct 13, 2014
LICENSE first commit Jan 18, 2012
Makefile.am Switch from www.ptb.de which is sending a randomised time to google.com. Apr 29, 2015
Makefile.android android build scripts and instructions Apr 12, 2013
README Update README to make it timeless, so to speak Nov 2, 2013
TLSDATEPOOL Idea for genepool.tlsdate.net; pool.ntp.org eat your heart out Aug 1, 2012
TODO remove TODO item Oct 25, 2014
apparmor-profile allow the unprivileged helper to read the time Oct 22, 2014
autogen.sh Start MinGW support Apr 24, 2013
configure.ac bump to 0.0.13 May 28, 2015
events.dot CHROMIUM: Initial work eventizing tlsdated Oct 30, 2013
mkfile initial plan9 build of tlsdate-helper-plan9.c, doesn't quite build an… Apr 15, 2013
run-tests continued merge overhaul Sep 18, 2014
test.conf Add integration testing. Jul 8, 2013
tlsdate-brew-formula.rb Update brew forumla for tlsdate Feb 14, 2013
tlsdate-seccomp-amd64.policy Add Seccomp-BPF policies to the repo. Jan 4, 2013
tlsdate-seccomp-arm.policy Add Seccomp-BPF policies to the repo. Jan 4, 2013
tlsdate-seccomp-x86.policy Add Seccomp-BPF policies to the repo. Jan 4, 2013

README

tlsdate: secure parasitic rdate replacement

 tlsdate sets the local clock by securely connecting with TLS to remote
 servers and extracting the remote time out of the secure handshake. Unlike
 ntpdate, tlsdate uses TCP, for instance connecting to a remote HTTPS or TLS
 enabled service, and provides some protection against adversaries that try to
 feed you malicious time information.

On Debian GNU/Linux and related systems, we provide an init.d script that
controls the tlsdated daemon. It will notice network changes and regularly
invoke tlsdate to keep the clock in sync. Start it like so:

  /etc/init.d/tlsdate start


Here is an example an unprivileged user fetching the remote time:

  % tlsdate -V -n -H encrypted.google.com
  Fri Apr 19 17:56:46 PDT 2013


This is an example run - starting as root and dropping to nobody, setting the
clock and printing it:

  % sudo tlsdate -V
  Fri Apr 19 17:57:49 PDT 2013


Here is an example with a custom host and custom port without verification:

  % sudo tlsdate --skip-verification -p 80 -H rgnx.net

Here is an example where a system may not have any kind of RTC at boot. Do the
time warp to restore sanity and do so with a leap of faith:

  % sudo tlsdate -V -l -t
  Fri Apr 19 18:08:03 PDT 2013


Some SSL/TLS services do not provide accurate time in their handshake process;
tlsdate may also be used to fetch time by processing the HTTP Date headers of
HTTP services:

  % sudo tlsdate -V -l -t -w
  Wed Oct 30 18:08:46 CET 2013