Norm Cook wrote:

Using Chrome For XP Version 49.0.2623.75
Works well despite warnings that it will soon no longer be
supported.

Has any figured out how to avoid the 'Your clock is ahead/behind?'

I have IE8 installed but it won't open any https website.

Any other browsers that work well with XP?

SSL/TLS used in encrypting the handshake between the endpoint hosts
involves sending time sensitive tokens. If the time of one host is way
off (I don't know by how much) then the other end thinks the token it
got has already expired, and the session gets cancelled.

What is so tough about keeping your host correct for its time? You have
an Internet connection, so you can access the 2nd and 3rd tier atomic
clocks to keep your OS (and RTC) clock in sync. I don't remember under
what conditions Windows XP will do an NTP (Network Time Protocol) sync.
One is when you connect to a domain where the PDC provides the time
sync, but you're not likely in a corporate domain network. I'd have to
research, but my guess the default time sync is once per week for XP.
Your RTC chip shouldn't drift by more than a minute, or two, over an
entire year, so weekly updates mean you won't have SSL connect issues.
You can also get atomic clock sync software for free. I used to use
Socke****ch, even in later versions of Windows.

Socke****ch came with a long list of time servers. The list was old, so
many were dead (no longer existed) or were unreachable. I went through
the list to delete the dead ones although that was just me being neat
until I realized they demoted the dead ones. They would test the lag in
response from the time servers (they tried 5 at a time) and kept a score
on how quick you got a response, so the fastest ones got used. You can
also edit the list to add your own, like I added a couple public ones
ran by a local university.

Eventually I discarded Socke****ch because I found the registry settings
for the Windows Time service which let me change the sync interval to
once per day. As with Socke****ch, I can edit registry settings to add
NTP servers, so I added the university's. The NTP servers are listed
under:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\DateTime\Servers

Then I went into the time config, and selected one of those. The
Microsoft ones are the default ones, so they get slammed by the vast
majority of Windows hosts and can get too busy. A better choice would
be to change to using time.nist.gov which Microsoft already pre-defined.

If you want to change the NTP polling interval, there are plenty of
online articles telling which registry entries to edit. Easier is to
use the command-line program w32tm.exe. You can add an event in Task
Scheduler to run "w32tm.exe /resync /nowait" that runs once per day, or
at whatever interval you want. Run "w32tm.exe /?" to see a list of all
its arguments. I found it easier to schedule the resync event than have
to remember where in the registry to shorten the polling interval.
Actually I schedule a .bat file to run once per day which has:

@echo off
cls

echo Force a time synchronization ...
echo (This batch script must be ran inside an elevated command shell.)

:REM - Make sure the time service is running.
net start w32time

:REM Force a time sync.
w32tm /resync /nowait

Whether using the batch file or the .exe file, the scheduled event MUST
run with elevated privileges. I simply added the 'net start' command to
ensure the Windows Time service was in Running state. Such commands are
asynchronous: they send a request to start the service, but the command
does not wait until the service is ready. Well, if the service was
stopped for some reason, it could take longer to startup than when the
w32tm command was next executed in the batch file. Oh well, if it
wasn't ready today, the service will be ready tomorrow. I'm sync'ing
once per day. The defaults are something like at Windows startup, once
per week, or at login to a domain, so my once-per-day sync was a lot
shorter (I never logout unless I have to, and leave Windows running
24x7).

I could use 3rd party time sync software, but it wouldn't do any more
than what I can by editing the registry to add my own NTP servers or to
change the polling interval (for which a scheduled event is easier to
manage instead of registry edits).

Yes, you *must* have your host synchronized regarding its time for
encrypted handshaking to work between endpoint hosts. The host to which
you connect is not an NTP server. It's not their job to run an NTP
server to keep your host up to date on its time and date. Since the
endpoints are independent, they don't sync with each other, so they sync
with a reference, like an NTP server that is part of the worldwide mesh
network of NTP servers. You don't get to sync with tier 1 NTP servers.
Only gov't and colleges can do that. You get to use 2nd or 3rd tier NTP
servers, and only those that are publicly accessible. By your endpoint
synchronizing to an NTP server, and by the server to which you want to
connect also synchronizing to an NTP server (they don't have to be the
same one), the endpoint hosts will have times that are very close and
prevent the SSL/TLS tokens from looking like they are already expired
when received. When the tokens are created, they are timestamped.
There is also an expiration, but I don't know what that it. The
expiration allows some slack to afford a small difference in times
between the endpoint hosts. I don't know if there is a default
expiration in the protocol, or if the endpoint is allowed to determine
how much difference in timestamp is too much. I didn't dig that deep
into NTP.

If instead the "Your clock is ahead/behind" message is about your
timezone, sounds like a timezone sync problem due to Daylight Savings.
Since Windows XP support ended long ago (extended support ended in 2014,
and mainstream support died before that), you won't be getting any
updates to the DST table. Previously the DST on/off dates were not
fixed, so a table held when DST went on or off. If you don't care about
the timezone on your computer matching the timezone in your region, you
could just turn off the "automatic" change. Or, when you go around your
house changing all your other clocks, you could also change your
computer's clock. Go into the Date & Time settings, Date and Time tab,
and deselect the "Notify me when the clock changes" option. Then click
on the "Change time zone" button, and deselect the "Automatically adjust
clock for Daylight Saving Time" option. Not everywhere bothers with the
DST idiocracy. The notify setting may be all you need. I'm doing a
resync every day, and it's possible the clock changes by a few
milliseconds, but I don't get a prompt telling me there was a sync.
Likely the prompt shows only when the clock changes by some threshold.