How much clock asynchronicity can secure protocols tolerate?

ssl ssl-certificate time

I've noticed that connections to a secure server got reset if time is out of sync on a server.

I believe time synchronization protocols can be just as precise to the order of network latency with the external time servers, which could be as much as few hundreds of milliseconds.

What are the time precision requirements of TLS connections and certificate validation?


I've heard 5 minutes thrown around several times as per EEAA's comment, but I honestly don't know why (and am looking forward to an explanation).

Bear in mind this is not the TLS protocol itself that has this precision-requirement, as per the documentation:

Clocks are not required to be set correctly by the basic TLS protocol; higher-level or application protocols may define additional requirements.

Related

spontaneous reboot, machine check events, AMD ryzen [closed]
Label "activities" in Plasma 5 desktop?
How to Automate a job to move the latest file with a sequential file name
Fail2ban with nftables and IPv6
Why can't I use a DSC resource in push mode from a module that is installed in my user's module path?
Storage of User Profile Disks on file server cluster (SOFS or normal)
Where is the Internal IP address stored in Ubuntu?
mdadm marks hdd faulty even though it's in pristine health?
Why do I get this APT warning: Signature by key [...] uses weak digest algorithm (SHA1)?
Unable to list new files on a cifs share with ls *
Why is IPScan detected as a virus?
systemd stops restarting service