this post was submitted on 16 Aug 2023

Sysadmin

top 2 comments
[email protected] 1 points 10 months ago

We ran into this bug in a production system a few months back. We had a legacy cluster of Windows workbenches which connected to each other using an encrypted communications API on an isolated network. We initially couldn’t determine why the system clocks fell out of sync in a rather cascading fashion. Guess this explains it. We ended up resolving it by bridging them to the internet and forcing a sync with time servers. A few months later, it happened again. At the time we thought it to be a bug in Windows. Go figure it was.

[email protected] 1 points 10 months ago* (last edited 10 months ago)

The important bit:

Simen said he believes the STS design is based on a fundamental misinterpretation of the TLS specification. Microsoft’s description of STS acknowledges that some SSL implementations don’t put the current system time of the server in the ServerUnixTime field at all. Instead, these implementations—most notably the widely used OpenSSL code library starting in 2014—populate the field with random values. Microsoft’s description goes on to say, “We have observed that most servers provide a fairly accurate value in this field and the rest provide random values.”

“The false assumption is that most SSL implementations return the server time,” Simen said. “This was probably true in a Microsoft-only ecosystem back when they implemented it, but at that time [when STS was introduced], OpenSSL was already sending random data instead.”
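An added example, not part of either comment or the quoted article: a Python sketch that pulls the 32-byte random out of a constructed TLS 1.2 ServerHello record and reads its first four bytes the way STS does, as the gmt_unix_time field, then applies the plausibility check a client would want before letting such a value touch its clock. The record layout follows RFC 5246; the sample bytes, reference time and tolerance are constructed assumptions.

```python
import struct

def build_server_hello(random32: bytes) -> bytes:
    """Assemble a minimal TLS 1.2 ServerHello record around a 32-byte random (constructed sample)."""
    assert len(random32) == 32
    # legacy_version, random, empty session_id, one cipher suite, null compression
    body = b"\x03\x03" + random32 + b"\x00" + b"\xc0\x2f" + b"\x00"
    handshake = b"\x02" + len(body).to_bytes(3, "big")      # HandshakeType server_hello(2)
    handshake += body
    return b"\x16\x03\x03" + len(handshake).to_bytes(2, "big") + handshake  # ContentType handshake(22)

def extract_server_random(record: bytes) -> bytes:
    """Walk the record and handshake headers and return the ServerHello random."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = int.from_bytes(record[3:5], "big")
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x02:
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) < 34:
        raise ValueError("truncated ServerHello body")
    return body[2:34]                      # skip legacy_version, take the 32-byte random

def server_unix_time(random32: bytes) -> int:
    """Read the first 4 bytes as gmt_unix_time, which is what STS assumes they are."""
    return struct.unpack("!I", random32[:4])[0]

def is_plausible_time(ts: int, now: int, tolerance_s: int = 24 * 3600) -> bool:
    """A sanity gate: only a value near the client's own clock could be a real server time."""
    return abs(ts - now) <= tolerance_s

def time_from_server_hello(record: bytes, now: int) -> tuple:
    """Return (gmt_unix_time, plausible) for a ServerHello record."""
    ts = server_unix_time(extract_server_random(record))
    return ts, is_plausible_time(ts, now)

# Constructed reference clock: 2023-08-16 00:00:00 UTC
NOW = 1692144000
# A server that still stamps real time into the field (old-style behaviour)
LEGACY_RANDOM = struct.pack("!I", NOW) + b"\x11" * 28
# An OpenSSL-style server that fills the whole field with random bytes
OPENSSL_STYLE_RANDOM = b"\xde\xad\xbe\xef" + b"\x22" * 28

if __name__ == "__main__":
    for name, rnd in (("legacy", LEGACY_RANDOM), ("openssl-style", OPENSSL_STYLE_RANDOM)):
        print(name, time_from_server_hello(build_server_hello(rnd), NOW))
```

The second case yields 3735928559, decades away from the reference clock, which is exactly the kind of value STS would treat as a time sample unless it is rejected first.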