| Jacob Appelbaum | 3bb69c8 | 2012-07-09 22:22:27 +0200 | [diff] [blame] | 1 | tlsdate: secure parasitic rdate replacement |
| 2 | |
| 3 | tlsdate sets the local clock by securely connecting with TLS to remote |
| 4 | servers and extracting the remote time out of the secure handshake. Unlike |
| 5 | ntpdate, tlsdate uses TCP, for instance connecting to a remote HTTPS or TLS |
| 6 | enabled service, and provides some protection against adversaries that try to |
| 7 | feed you malicious time information. |
| 8 | |
| Jacob Appelbaum | e205d62 | 2012-07-13 18:37:21 +0200 | [diff] [blame] | 9 | Here is an example an unprivileged user fetching the remote time: |
| 10 | |
| 11 | % tlsdate -v -V -n |
| 12 | V: tlsdate version 0.0.1 |
| 13 | V: We were called with the following arguments: |
| 14 | V: validate SSL certificates host = www.ptb.de:443 |
| 15 | V: time is currently 1342197117.577381 |
| 16 | V: using TLSv1_client_method() |
| 17 | V: SSL certificate verification passed |
| 18 | V: server time 1342197117 (difference is about 0 s) was fetched in 705 ms |
| 19 | Fri Jul 13 18:31:57 CEST 2012 |
| 20 | |
| 21 | |
| Jacob Appelbaum | af07cb5 | 2012-01-18 16:09:19 +1100 | [diff] [blame] | 22 | This is an example run - starting as root and dropping to nobody: |
| 23 | |
| Jacob Appelbaum | e205d62 | 2012-07-13 18:37:21 +0200 | [diff] [blame] | 24 | % sudo ./tlsdate -v |
| 25 | V: tlsdate version 0.0.1 |
| Jacob Appelbaum | af07cb5 | 2012-01-18 16:09:19 +1100 | [diff] [blame] | 26 | V: We were called with the following arguments: |
| Jacob Appelbaum | e205d62 | 2012-07-13 18:37:21 +0200 | [diff] [blame] | 27 | V: validate SSL certificates host = www.ptb.de:443 |
| 28 | V: time is currently 1342197222.273552 |
| 29 | V: using TLSv1_client_method() |
| 30 | V: SSL certificate verification passed |
| 31 | V: server time 1342197222 (difference is about 0 s) was fetched in 520 ms |
| 32 | V: setting time succeeded |
| Jacob Appelbaum | b6bfa08 | 2012-01-30 03:46:22 -0800 | [diff] [blame] | 33 | |
| Jacob Appelbaum | e205d62 | 2012-07-13 18:37:21 +0200 | [diff] [blame] | 34 | Here is an example with a custom host and custom port without verification: |
| Jacob Appelbaum | b6bfa08 | 2012-01-30 03:46:22 -0800 | [diff] [blame] | 35 | |
| Jacob Appelbaum | e205d62 | 2012-07-13 18:37:21 +0200 | [diff] [blame] | 36 | % sudo tlsdate -v --skip-verification -p 80 -H rgnx.net |
| 37 | V: tlsdate version 0.0.1 |
| Jacob Appelbaum | b6bfa08 | 2012-01-30 03:46:22 -0800 | [diff] [blame] | 38 | V: We were called with the following arguments: |
| Jacob Appelbaum | e205d62 | 2012-07-13 18:37:21 +0200 | [diff] [blame] | 39 | V: disable SSL certificate check host = rgnx.net:80 |
| 40 | WARNING: Skipping certificate verification! |
| 41 | V: time is currently 1342197285.298607 |
| 42 | V: using TLSv1_client_method() |
| 43 | V: Certificate verification skipped! |
| 44 | V: server time 1342197286 (difference is about -1 s) was fetched in 765 ms |
| 45 | V: setting time succeeded |
| Jacob Appelbaum | af07cb5 | 2012-01-18 16:09:19 +1100 | [diff] [blame] | 46 | |
| Jacob Appelbaum | 0a2934c | 2012-02-15 16:03:54 -0800 | [diff] [blame] | 47 | Here is an example of a false ticker that is detected and rejected: |
| 48 | |
| 49 | % sudo tlsdate -v -H facebook.com |
| Jacob Appelbaum | e205d62 | 2012-07-13 18:37:21 +0200 | [diff] [blame] | 50 | V: tlsdate version 0.0.1 |
| Jacob Appelbaum | 0a2934c | 2012-02-15 16:03:54 -0800 | [diff] [blame] | 51 | V: We were called with the following arguments: |
| Jacob Appelbaum | e205d62 | 2012-07-13 18:37:21 +0200 | [diff] [blame] | 52 | V: validate SSL certificates host = facebook.com:443 |
| 53 | V: time is currently 1342197379.931852 |
| Jacob Appelbaum | 0a2934c | 2012-02-15 16:03:54 -0800 | [diff] [blame] | 54 | V: using TLSv1_client_method() |
| 55 | V: SSL certificate verification passed |
| Jacob Appelbaum | e205d62 | 2012-07-13 18:37:21 +0200 | [diff] [blame] | 56 | V: server time 2693501503 (difference is about -1351304124 s) was fetched in 724 ms |
| Jacob Appelbaum | 0a2934c | 2012-02-15 16:03:54 -0800 | [diff] [blame] | 57 | remote server is a false ticker from the future! |
| 58 | |
| Jacob Appelbaum | 894d527 | 2012-07-15 14:32:39 -0400 | [diff] [blame] | 59 | Here is an example where a system may not have any kind of RTC at boot. Do the |
| 60 | time warp to restore sanity: |
| 61 | |
| Jacob Appelbaum | 3eecb1a | 2012-07-15 21:39:20 -0400 | [diff] [blame^] | 62 | % sudo tlsdate -v -V -n -t; |
| 63 | V: tlsdate version 0.0.1 |
| 64 | V: We were called with the following arguments: |
| 65 | V: validate SSL certificates host = www.ptb.de:443 |
| 66 | V: RECENT_COMPILE_DATE is 1342387410.000000 |
| 67 | V: time is currently 1342402415.680888 |
| 68 | V: time is greater than RECENT_COMPILE_DATE |
| 69 | V: using TLSv1_client_method() |
| 70 | V: freezing time for x509 verification |
| 71 | V: remote peer provided: 1342402416, prefered over compile time: 1342387410 |
| 72 | V: SSL certificate verification passed |
| 73 | V: server time 1342402416 (difference is about -1 s) was fetched in 959 ms |
| 74 | Sun Jul 15 21:33:36 EDT 2012 |
| 75 | |