Will Disabling STS Help with My PC's Time Occasionally Changing to an Incorrect Future Time?

SeongYoun Cho 0 Reputation points
2024-10-01T07:54:59.2433333+00:00

Hello, I’ve noticed that my PC’s time sometimes changes to a bizarre future time for no apparent reason. My system is communicating properly with the NTP server, and I’m not sure exactly when the time changes.

While researching online, I came across a feature called STS (Secure Time Seeding). I read that if this feature is enabled, it can cause the time to jump forward to a future date.

After checking my PC, it seems that this feature is enabled by default. Would disabling STS help resolve this issue?

Windows 10

1 answer

  1. Ian Xue 37,101 Reputation points Microsoft Vendor
    2024-10-07T02:29:41.7466667+00:00

    Hi Cho,

    Thanks for your post. I agree with you. Generally speaking, Secure Time Seeding (STS) was added to Windows 10 in 2015. The feature is intended to correct discrepancies between the time set in the system and the actual time – primarily when a computer’s battery feeding the internal real-time clock dies and the time settings have nothing in common with reality. Most importantly, STS is able to correct the system time without accessing the current-time servers.

    But why is such a correction of time discrepancies even needed? Oddly enough, for security. Typically, client-server data exchange (including system connection to the internet time servers) is protected with SSL/TLS encryption protocols. To establish such a connection with the server, the client first needs to verify its digital certificate, and these certificates have a certain validity period. Therefore, if the time in the system is set with a significant error, the certificate may be considered expired, and a secure connection won’t be established.

    So a vicious circle appears: in order to find out the current time, the computer needs to know the current time. It doesn’t have to be perfectly accurate; the approximate time can work too. But the greater the difference between the system time and the actual time, the greater the chance the certificate will get flagged as expired.

    STS introduces (at least in its developers’ minds) a way for the system to automatically identify and correct major discrepancies, even when a secure connection cannot be established with any server. This is achieved by using current timestamps and digital-certificate expiry dates contained in the data sent by the servers to the client during the initial establishment of a secure connection (the SSL and TLS handshakes).

    The exact algorithm of STS is unknown. But the general idea is that Windows pulls data from the SSL handshake and uses it to compute a reliable range for the current time and assign it a probability. As new data becomes available, the range is updated, and the probability can gradually increase. When it reaches a certain threshold, STS decides to change the system time to the median time from the range it deems reliable. In theory, such precision should suffice to establish a secure connection, connect to a current time server, and get the precise time.

    Best Regards,

    Ian Xue


    If the Answer is helpful, please click "Accept Answer" and upvote it.
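
A toy model of the idea described in the answer above, added here as an illustration; it is not Windows' STS algorithm (which the answer notes is unknown) and not code from the original thread. The sample count, threshold, tolerance, and every handshake value are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from statistics import median_low

@dataclass
class Handshake:            # constructed sample, not a real TLS capture
    server_time: datetime   # timestamp the server put in its handshake data
    not_before: datetime    # start of the certificate validity period
    not_after: datetime     # end of the certificate validity period

def cert_valid(h: Handshake, clock: datetime) -> bool:
    """The validity-period check a client performs against its own clock."""
    return h.not_before <= clock <= h.not_after

def estimate(samples, min_samples=5, threshold=0.8, tolerance=timedelta(hours=12)):
    """Toy model (assumed, not Windows' algorithm): return (time, confidence).

    time stays None until enough samples agree with the median.
    """
    # Discard timestamps that fall outside the sender's own certificate window.
    times = [h.server_time for h in samples if cert_valid(h, h.server_time)]
    if len(times) < min_samples:
        return None, 0.0
    mid = median_low(times)
    agreeing = sum(1 for t in times if abs(t - mid) <= tolerance)
    confidence = agreeing / len(times)
    return (mid if confidence >= threshold else None), confidence

TRUE_NOW = datetime(2024, 10, 1, 8, 0, tzinfo=timezone.utc)   # constructed
DEAD_RTC = datetime(2015, 1, 1, tzinfo=timezone.utc)          # clock after battery loss

def sample(offset: timedelta) -> Handshake:
    """Build one constructed handshake whose timestamp is TRUE_NOW + offset."""
    return Handshake(TRUE_NOW + offset,
                     TRUE_NOW - timedelta(days=90), TRUE_NOW + timedelta(days=275))

HONEST = [sample(timedelta(seconds=s)) for s in (-20, -5, 0, 7, 30)]
# Two of five timestamps are wrong: agreement drops below the threshold.
MIXED = HONEST[:3] + [sample(timedelta(days=120)), sample(timedelta(days=200))]
# Four of five agree on a wrong future time: the model follows them.
SKEWED = HONEST[:1] + [sample(timedelta(days=200, seconds=s)) for s in (0, 3, 9, 14)]

if __name__ == "__main__":
    print("certs valid on dead clock:", any(cert_valid(h, DEAD_RTC) for h in HONEST))
    for name, data in (("honest", HONEST), ("mixed", MIXED), ("skewed", SKEWED)):
        print(name, estimate(data))
```

In this model the certificate check fails against the dead clock, the honest samples recover the true time, the mixed samples produce no correction, and the skewed samples produce a future time: the estimate is only as good as the handshake data it is fed.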
