[chrony-users] chrony-4.0-pre1 released

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ]

The first prerelease for chrony-4.0 is now available.

The main new feature is support for the Network Time Security (NTS)
authentication mechanism based on TLS and AEAD, which enables NTP
servers to securely provide time to a large number of clients (no need
to share keys in the key file). GnuTLS and Nettle are required for the
NTS support. Please note that the specification is not finalised yet
and some values like the NTS-KE port number are expected to change.

Cloudflare and Netnod run public NTP servers with NTS. They can be
specified in chrony.conf with:
server time.cloudflare.com nts ntsport 1234 iburst                                                                        
server nts.ntp.se nts ntsport 4443 iburst                                                                                 

The source code can be downloaded here:

SHA256 sum:

Changes since version 3.5:

* Add support for Network Time Security (NTS) authentication
* Add support for AES-CMAC keys (AES128, AES256) with Nettle
* Add support for maxsamples of 1 for faster update with -q/-Q option
* Add -L option to limit log messages by severity
* Avoid replacing NTP sources with unreachable addresses
* Improve NTP loop test to prevent synchronisation to itself
* Update clock synchronisation status and leap status more frequently
* Update seccomp filter
* Add "add pool" command
* Add -N option and sourcename command to print original names of sources
* Add -a option to source/sourcestats command to print unresolved sources
* Add reset command to drop all measurements

Bug fixes
* Handle RTCs that don't support interrupts
* Respond to command requests with correct address on multihomed hosts

Removed features
* Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)

Miroslav Lichvar

Attachment: signature.asc
Description: PGP signature

Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/