Explain how long the servers can cache the TLS fingerprints for

2016-10-12 14:48:24 +01:00 · 2016-10-12 14:48:24 +01:00 · c61ddeedac
commit c61ddeedac
parent 0af6213019
1 changed files with 4 additions and 3 deletions
--- a/synapse/config/tls.py
+++ b/synapse/config/tls.py
@ -105,9 +105,10 @@ class TlsConfig(Config):
        # synapse is using.
        #
        # Homeservers are permitted to cache the list of TLS fingerprints
-        # returned in the key responses. It may be necessary to publish the
-        # fingerprints of a new certificate and wait for the caches on other
-        # servers to expire before deploying it.
+        # returned in the key responses up to the "valid_until_ts" returned in
+        # key. It may be necessary to publish the fingerprints of a new
+        # certificate and wait until the "valid_until_ts" of the previous key
+        # responses have passed before deploying it.
        tls_fingerprints: []
        # tls_fingerprints: [{"sha256": "<base64_encoded_sha256_fingerprint>"}]
        """ % locals()