1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
|
// NTS commands - included twice
The following command controls NTS authentication. It overrides
normal TLS protocol negotiation, which is not usually necessary.
[[nts]]
+nts+ [enable|disable] [+mintls+ _version_] [+maxtls+ _version_] [+tlsciphersuites+ _name_]
The options are as follows:
+cert+ _file_::
Present the certificate in _file_ as our certificate.
+key+ _file_::
Read the private key to our certificate from _file_.
+ca+ _location_::
Use the file, or directory, specified by _location_ to
validate NTS-KE server certificates instead of the system
default root certificates. If a directory is specified, it
must have files named with their hash, as created by
+openssl rehash+.
+cookie+ _location_::
Use the file (or directory) specified by _location_ to
store the keys used to make and decode cookies. The default
is _/var/lib/ntpsec/nts-keys_.
+enable+::
Enable NTS-KE server.
When enabled, +cert+ and +key+ are required.
+disable+::
Disable NTS-KE server.
+mintls+ _string_::
Set the lowest allowable TLS version to negotiate. Will be useful in
the wake of a TLS compromise. Reasonable values are
_TLS1.3_ if your system supports it. TLS 1.3 was first supported in
OpenSSL version 1.1.1.
+maxtls+ _string_::
Set the highest allowable TLS version to negotiate. By setting
+mintls+ and +maxtls+ equal, you can force the TLS version for
testing. Format is as for +mintls+.
// https://crypto.stackexchange.com/questions/8964/sending-tls-messages-with-out-encryption-using-openssl-code
+tlsciphersuites+ _string_::
An OpenSSL ciphersuite list to configure the allowed ciphersuites for
TLS 1.3. A single NULL cipher disables encryption and use of certificates.
+aead+ _string_::
Specify the crypto algorithm to be used on the wire. The choices
come from RFC 5297. The only options supported are AES_SIV_CMAC_256,
AES_SIV_CMAC_384, and AES_SIV_CMAC_512. This slot is dual use.
It is the server default if the remote client doesn't request a
valid choice and it is also the preference passed to the
remote client if the server command doesn't specify a preference.
The default is AES_SIV_CMAC_256.
The following options of the +server+ command configure NTS (as a client).
+nts+::
Use Network Time Security (NTS) for authentication. Normally,
this is all you have to do to activate the client side of NTS.
+
The hostname following the +server+ command is used as the address
of the NTS key exchange server (NTS-KE) rather than the address
of a NTP server. The NTS-KE exchange defaults to using the same
IP address for the NTP server.
+
Note that the +server+ hostname must match the name on the NTS-KE
server's certificate.
+noval+::
Do not validate the server certificate.
+ca+ _location_::
Use the file, or directory, specified by _location_ to validate the
NTS-KE server certificate, overriding the site default. Do not use
any other CA. If a directory is specified, it must have files named
with their hash, as created by +openssl rehash+.
+aead+ _string_::
Specify the preferred crypto algorithm to be used on the wire.
The only options supported are AES_SIV_CMAC_256, AES_SIV_CMAC_384, and
AES_SIV_CMAC_512. The server may ignore the request. See the +aead+
option above.
+
The same +aead+ algorithms are also used to encrypt cookies.
The default is AES_SIV_CMAC_256. There is no config file option to
change it, but you can change it by editing the saved cookie key
file, probably _/var/lib/ntpsec/nts-keys_. Adjust the _L:_ slot to be
48 or 64 and adjust the _I:_ slots to have the right number of bytes.
Then restart the server. (All old cookies held by clients will be
rejected so their next 8 NTP requests will be ignored. They should
recover by retrying NTS-KE to get fresh cookies.)
// end
|
