Ubuntu 25.10 Introduces Secure Time Synchronization for Enhanced Security
Canonical has announced that starting with Ubuntu 25.10 , the operating system will begin using chrony instead of systemd-timesyncd for more secure time synchronization — a move aimed at improving overall system security, especially for cryptographic operations and certificate validation.
Most end users won’t notice the change directly, but it brings an important upgrade under the hood. The current tool, systemd-timesyncd, relies on the Network Time Protocol (NTP) , which is effective at keeping accurate time but lacks built-in authentication. This means there’s a risk of syncing with a malicious time server — something that could interfere with SSL/TLS certificate checks and other security-sensitive processes.
Why NTS Matters
The new approach uses Network Time Security (NTS) , a modern extension of NTP that adds cryptographic verification to time sources. Before fetching the time, your system performs a secure handshake with the NTS server — similar to how HTTPS establishes a secure connection with websites.
This handshake takes place over port 4460/TCP , which is more reliable than the UDP-based port used by traditional NTP. Unlike UDP, TCP ensures data arrives intact and in order , making the process more stable and secure.
Once the secure connection is established, time synchronization still happens over the standard NTP port (123/UDP), but now each update comes with a cryptographic signature , ensuring the time data hasn’t been tampered with.
What This Means for Ubuntu Users
The switch to chrony is scheduled to take effect on June 5 , as part of the development cycle for Ubuntu 25.10. If you try the daily build after this date, you’ll be running a version of Ubuntu that securely fetches the time using NTS and chrony — helping keep your system safer without any action needed from you.
