After a year of development, the synchronization system for accurate time, NTPSEC 1.2.3, has been published. NTPSEC is a fork of the reference implementation of the NTPV4 protocol, NTP Classic 4.3.34. The focus of this release was on improving the code base by cleaning up the code, implementing methods to prevent attacks, and protecting functions for working with memory and lines. The project is being led by Eric Raymond, with engineers from Hewlett Packard and Akamai Technologies, as well as the gpsd and RTEMS projects.
Some of the changes in the new version include:
- The alignment of the packages of the control protocol mode 6, which may affect compatibility with the classic NTP. Mode 6 is used to transmit information about the server state and change the server behavior on the fly.
- The AES encryption algorithm is now involved by default.
- The SECCOCP mechanism is used to block incorrect names of system calls.
- Statistics are now discharged annually. Log files with NTS and NTS-Ke statistics are recorded every hour. Errors and statistics for MS-SNTP are also reflected in the log.
- The assembly now includes debugging symbols by default.
- Support for indicating the list of permissible elliptic ECDH curves (TLSECDHCURVES Settings) has been added, supported in Opensl.
- The BuildPrep option now has an “Update” feature.
- A JSON output for NTPDIG now includes a display of data delay.
/Reports, release notes, official announcements.