1tlsdate: secure parasitic rdate replacement 2 3 tlsdate sets the local clock by securely connecting with TLS to remote 4 servers and extracting the remote time out of the secure handshake. Unlike 5 ntpdate, tlsdate uses TCP, for instance connecting to a remote HTTPS or TLS 6 enabled service, and provides some protection against adversaries that try to 7 feed you malicious time information. 8 9On Debian GNU/Linux and related systems, we provide an init.d script that 10controls the tlsdated daemon. It will notice network changes and regularly 11invoke tlsdate to keep the clock in sync. Start it like so: 12 13 /etc/init.d/tlsdate start 14 15 16Here is an example an unprivileged user fetching the remote time: 17 18 % tlsdate -V -n -H encrypted.google.com 19 Fri Apr 19 17:56:46 PDT 2013 20 21 22This is an example run - starting as root and dropping to nobody, setting the 23clock and printing it: 24 25 % sudo tlsdate -V 26 Fri Apr 19 17:57:49 PDT 2013 27 28 29Here is an example with a custom host and custom port without verification: 30 31 % sudo tlsdate --skip-verification -p 80 -H rgnx.net 32 33Here is an example where a system may not have any kind of RTC at boot. Do the 34time warp to restore sanity and do so with a leap of faith: 35 36 % sudo tlsdate -V -l -t 37 Fri Apr 19 18:08:03 PDT 2013 38 39 40Some SSL/TLS services do not provide accurate time in their handshake process; 41tlsdate may also be used to fetch time by processing the HTTP Date headers of 42HTTP services: 43 44 % sudo tlsdate -V -l -t -w 45 Wed Oct 30 18:08:46 CET 2013 46 47 48