From c61ddeedaca3944b078f6008b57f3adf6e792cee Mon Sep 17 00:00:00 2001
From: Mark Haines <mark.haines@matrix.org>
Date: Wed, 12 Oct 2016 14:48:24 +0100
Subject: Explain how long the servers can cache the TLS fingerprints for

---
 synapse/config/tls.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'synapse/config')

diff --git a/synapse/config/tls.py b/synapse/config/tls.py
index 20d55d4d60..3c58d2de17 100644
--- a/synapse/config/tls.py
+++ b/synapse/config/tls.py
@@ -105,9 +105,10 @@ class TlsConfig(Config):
         # synapse is using.
         #
         # Homeservers are permitted to cache the list of TLS fingerprints
-        # returned in the key responses. It may be necessary to publish the
-        # fingerprints of a new certificate and wait for the caches on other
-        # servers to expire before deploying it.
+        # returned in the key responses up to the "valid_until_ts" returned in
+        # key. It may be necessary to publish the fingerprints of a new
+        # certificate and wait until the "valid_until_ts" of the previous key
+        # responses have passed before deploying it.
         tls_fingerprints: []
         # tls_fingerprints: [{"sha256": "<base64_encoded_sha256_fingerprint>"}]
         """ % locals()
-- 
cgit 1.4.1