Home | History | Annotate | only in /external/tlsdate
Up to higher level directory
NameDateSize
.gitignore21-Oct-2016451
.travis.yml21-Oct-2016305
Android.mk21-Oct-20162.7K
apparmor-profile21-Oct-20164.2K
AUTHORS21-Oct-2016146
autogen.sh21-Oct-2016485
ca-roots/21-Oct-2016
CHANGELOG21-Oct-20168.5K
config.h21-Oct-20167.5K
configure.ac21-Oct-201624.4K
dbus/21-Oct-2016
etc/21-Oct-2016
events.dot21-Oct-20161.7K
HACKING.md21-Oct-20162.7K
HARDENING21-Oct-20163.2K
init/21-Oct-2016
INSTALL21-Oct-20166.5K
LICENSE21-Oct-20162.4K
m4/21-Oct-2016
Makefile.am21-Oct-20164.1K
Makefile.android21-Oct-20162.4K
man/21-Oct-2016
mkfile21-Oct-2016369
MODULE_LICENSE_BSD_LIKE21-Oct-20160
NOTICE21-Oct-20162.4K
README21-Oct-20161.5K
run-tests21-Oct-20161K
src/21-Oct-2016
systemd/21-Oct-2016
test.conf21-Oct-201649
tests/21-Oct-2016
tlsdate-brew-formula.rb21-Oct-2016782
tlsdate-seccomp-amd64.policy21-Oct-2016729
tlsdate-seccomp-arm.policy21-Oct-2016777
tlsdate-seccomp-x86.policy21-Oct-2016659
TLSDATEPOOL21-Oct-20161.4K
TODO21-Oct-20161.9K

README

      1 tlsdate: secure parasitic rdate replacement
      2 
      3  tlsdate sets the local clock by securely connecting with TLS to remote
      4  servers and extracting the remote time out of the secure handshake. Unlike
      5  ntpdate, tlsdate uses TCP, for instance connecting to a remote HTTPS or TLS
      6  enabled service, and provides some protection against adversaries that try to
      7  feed you malicious time information.
      8 
      9 On Debian GNU/Linux and related systems, we provide an init.d script that
     10 controls the tlsdated daemon. It will notice network changes and regularly
     11 invoke tlsdate to keep the clock in sync. Start it like so:
     12 
     13   /etc/init.d/tlsdate start
     14 
     15 
     16 Here is an example an unprivileged user fetching the remote time:
     17 
     18   % tlsdate -V -n -H encrypted.google.com
     19   Fri Apr 19 17:56:46 PDT 2013
     20 
     21 
     22 This is an example run - starting as root and dropping to nobody, setting the
     23 clock and printing it:
     24 
     25   % sudo tlsdate -V
     26   Fri Apr 19 17:57:49 PDT 2013
     27 
     28 
     29 Here is an example with a custom host and custom port without verification:
     30 
     31   % sudo tlsdate --skip-verification -p 80 -H rgnx.net
     32 
     33 Here is an example where a system may not have any kind of RTC at boot. Do the
     34 time warp to restore sanity and do so with a leap of faith:
     35 
     36   % sudo tlsdate -V -l -t
     37   Fri Apr 19 18:08:03 PDT 2013
     38 
     39 
     40 Some SSL/TLS services do not provide accurate time in their handshake process;
     41 tlsdate may also be used to fetch time by processing the HTTP Date headers of
     42 HTTP services:
     43 
     44   % sudo tlsdate -V -l -t -w
     45   Wed Oct 30 18:08:46 CET 2013
     46 
     47 
     48