summary refs log tree commit diff
path: root/synapse/config
diff options
context:
space:
mode:
authorMark Haines <mark.haines@matrix.org>2016-10-12 14:48:24 +0100
committerMark Haines <mark.haines@matrix.org>2016-10-12 14:48:24 +0100
commitc61ddeedaca3944b078f6008b57f3adf6e792cee (patch)
tree48d3bc14ee7ac6e9e9bb0ecf5452cd655ee07d80 /synapse/config
parentImprove comment formatting (diff)
downloadsynapse-c61ddeedaca3944b078f6008b57f3adf6e792cee.tar.xz
Explain how long the servers can cache the TLS fingerprints for
Diffstat (limited to 'synapse/config')
-rw-r--r--synapse/config/tls.py7
1 files changed, 4 insertions, 3 deletions
diff --git a/synapse/config/tls.py b/synapse/config/tls.py
index 20d55d4d60..3c58d2de17 100644
--- a/synapse/config/tls.py
+++ b/synapse/config/tls.py
@@ -105,9 +105,10 @@ class TlsConfig(Config):
         # synapse is using.
         #
         # Homeservers are permitted to cache the list of TLS fingerprints
-        # returned in the key responses. It may be necessary to publish the
-        # fingerprints of a new certificate and wait for the caches on other
-        # servers to expire before deploying it.
+        # returned in the key responses up to the "valid_until_ts" returned in
+        # key. It may be necessary to publish the fingerprints of a new
+        # certificate and wait until the "valid_until_ts" of the previous key
+        # responses have passed before deploying it.
         tls_fingerprints: []
         # tls_fingerprints: [{"sha256": "<base64_encoded_sha256_fingerprint>"}]
         """ % locals()