The important bit:
Simen said he believes the STS design is based on a fundamental misinterpretation of the TLS specification. Microsoft’s description of STS acknowledges that some SSL implementations don’t put the current system time of the server in the ServerUnixTime field at all. Instead, these implementations—most notably the widely used OpenSSL code library starting in 2014—populate the field with random values. Microsoft’s description goes on to say, “We have observed that most servers provide a fairly accurate value in this field and the rest provide random values.”
“The false assumption is that most SSL implementations return the server time,” Simen said. “This was probably true in a Microsoft-only ecosystem back when they implemented it, but at that time [when STS was introduced], OpenSSL was already sending random data instead.”
We ran into this bug in a production system a few months back. We had a legacy cluster of windows workbenches which connected to each other using an encrypted communications API on an isolated network. We initially couldn’t determine why the system clocks fell out of sync in a rather cascading fashion. Guess this explains it. We ended up resolving it by bridging them to the internet and forcing a sync with time servers. A few months later, it happened again. At the time we thought it to be a bug in Windows. Go figure it was.