[hackers] A couple of questions about SSL and NTP.

To: "hackers@xxxxxxxxxxxxx" <hackers@xxxxxxxxxxxxx>

Subject: [hackers] A couple of questions about SSL and NTP.

From: Brian Utterback <brian.utterback@xxxxxxxxxx>

Date: Mon, 27 Mar 2023 17:41:55 +0000

Accept-language: en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=BlA5+vyMgL9dKfPXKWT8/WvKiBUuP2eA8lfqRr9NkNs=; b=F1ZceXNwKaHiJyKu7fLm1x7J0hGWODitG2qfruvBfiN9Ag8rPVIJSnUbIHpVV4SkvbusaXI0O36mdtvs6bng/XxKFz6W6+P0m+/h398b9SNgAaTTCWcJ4OS3Xo9atXIc2gvbUigGe6opusu2oCmqAjPHUe1a3lNf0ukwjZfFjWq1Cv1W7fz6IFS7gMESQuR3km12lZySh9HZaT7d9CsJY9Ygk7lq6e+nRzfzjx6RlvVfhxrk5Z310qaHnMOvknTXkbGT7+EszUKCu+bC9lQ63tUbubPpI8qVXo3pbGcOfuBfPj+rlnMvWqfp17YEd1O1I7fGTXusMwtu5pNpxu1yOg==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NaXX133u8Q3v6UVVYW6df7z3dxRANU6yGA5LRra/mnJfjxuzPLhC79k0awLqvzRTM0g3sP5WjWq4S5iAieDr/9Xp+lkLZzn1g+LGwuTavjJLMWrp0c721vNBuz8waj2L+WwNNtiok55RJI4ggLkS1cryYEjo1fXE/UdG40Ksbg6xXVN1Qy876FVU02bhqxsPYnjmL6fH4NZlilpkNApDYWNIqV8sZNDWw1rAzSINmjvHbC2jsBzt05smsCtmSaa1+e0Gjo+uTGYScsVzP6BJYh3czBDP/WL63qhxqb9uyToU1Qvev6dh4S3lucrSjxWToawThfiAxpKNEaoBj5y48g==

Delivered-to: hackers@xxxxxxxxxxxxx

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : subject : date : message-id : content-type : mime-version; s=corp-2022-7-12; bh=BlA5+vyMgL9dKfPXKWT8/WvKiBUuP2eA8lfqRr9NkNs=; b=ofBZLd/dHefhuNy4pjuxVsS4wZ4bwy4FabqXU3s6KRJlBgLZ8SUZJeLIcXxcZBTETwj8 sU37XuQni4yCgyKWWJYEiFk1ZLs8oqtin8kq7K9N5nMHvwmdP5MIJtkWn0CU0BtaXc7W wRueTb4TsN0IbbdakYQyzDlaMpAkWkDs19VgkNuuu8k75uaXEe2wkjvPPKIyMue1Zb2L 6J6z7ZZo7fhMwZIGCbRxAZGeNfNM3BY7Cf3Z0K1QH5bLT4sNrYMKQzSVjrU/Y0l6Plkz 0YytU3mHYZpOo7LNtr+d+Za7ZtSy/Xyy40cAokkXK1z8DNdha5/AMF2Jw7+rYDaabylw gg==

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.onmicrosoft.com; s=selector2-oracle-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BlA5+vyMgL9dKfPXKWT8/WvKiBUuP2eA8lfqRr9NkNs=; b=OispXDZI444Yno0aRu30TtoKd0tY7kQN7isMBGEE8T3RNWs+u4MDr2Gi9YBxi6pcyip7HZ3OOk4wsykraFXhWGzL3Lj1vOEuEW0pxjM9Xr2/3oeIqNoUo7qXCm/bZXwcNCd+PRVY+IxK0F5x5y5jAmq7wvvsOgkXOBG2FgXgF+4=

List-unsubscribe: mailto:hackers+unsubscribe@lists.ntp.org

Reply-to: hackers@xxxxxxxxxxxxx

Thread-index: Adlg01pa7fC0nKkfSYyeW3s5MfOU5w==

Thread-topic: A couple of questions about SSL and NTP.

Has there been any progress on converting NTP to use SSLv3? Is there anything I can do to help? Solaris is just about to drop versions of SSL prior to V3. I used the patch that was already submitted to allow NTP to build, but even with the patch, it seems that ntp-keygen will not create any keys. I don't know if existing keys will work. In any case, I am under a lot of pressure to make sure NTP will continue to work, but SSL is not my forte.

When I applied the patch and tried to run ntp-keygen, it said that DSA was not available. I got this question from the Solaris project manager:

I noticed your update on Bug 33623437 [...] ntp-keygen not working correctly for generating DSA keys.

I thought DSA keys were deprecated though ?

Is that true? Is there something else that is usable that will work?

--
I haven't lost my mind, it is backed up in the cloud somewhere.

Brian Utterback, Principal Software Engineer
Phone: +16038973049, Mobile: +16035577683
https://oracle.zoom.us/s/2728168892
One Oracle Drive, Nashua, NH 03062