The NTPsec Project is pleased to announce the tagging of version 1.2.3

  • Change mode6 alignment to four, which may break some compatibility with classic NTP.

  • Seccomp should now also yield invalid syscall names when dying.

  • Make ntpq stop dropping output timestamp leading zeroes.

  • Update documents in quite a few places.

  • Reset some stats hourly, even when not logged into files.

  • Add error logging, and stats for ms-sntp.

  • Add spacing between multiple peer views in ntpq.

  • We think we have fixed ms-sntp but we can’t test it. If you can test it, please let us know if it does/doesn’t work.

  • ntpd and ntpq both treat SHA-1 as an alias for SHA1 NIST uses SHA-1. The crypto package from OpenSSL uses SHA1.

  • The default crypto type for ntpq is now AES. RFC 8573 deprecated MD5.

  • There are now log files with hourly statistics for NTS and NTS-KE traffic: filegen ntsstats and filegen ntskestats,

  • Update ntpsnmpd to use python built-in to get uname information. NTPsec/ntpsec#791

  • Update license file names for REUSE compliance.

  • Fix ntploggps issue where count_used_satellites checked before it is initialized.

  • Print out OpenSSL version at configure time.

  • Enable debug symbols by default, with only an option to disable.

  • Add support for ecdhcurves list.

  • Fix build on platforms where -fstack-protector relies on libssp, like musl.

  • Fix ntpdig crash when using with a host without IPv6 support.

  • Do not install libaes_siv test anymore.

  • Add update option to buildprep.

  • ntpdig shows packet delay in JSON output.

For other changes since the previous release, please consult the project NEWS.adoc file at

Getting this release

You can clone the git repo from and you can download the release tarballs with sums and signatures from

This release is signed with the GPG key id E57235D22764129FA4F2F4D17F52608ED0E49D76