mirror of
https://gitlab.com/chrony/chrony.git
synced 2025-12-03 18:25:07 -05:00
689605b6a2
Implement a fallback for the NTS-NTP client to switch to the compliant AES-128-GCM-SIV exporter context when the server is using the compliant context, but does not support the new NTS-KE record negotiating its use, assuming it can respond with an NTS NAK to the request authenticated with the incorrect key. Export both sets of keys when processing the NTS-KE response. If an NTS NAK is the only valid response from the server after the last NTS-KE session, switch to the keys exported with the compliant context for the following requests instead of dropping all cookies and restarting NTS-KE. Don't switch back to the original keys if an NTS NAK is received again.
2.0 KiB
2.0 KiB