Explain how long the servers can cache the TLS fingerprints for

This commit is contained in:
Mark Haines 2016-10-12 14:48:24 +01:00
parent 0af6213019
commit c61ddeedac
1 changed files with 4 additions and 3 deletions

View File

@ -105,9 +105,10 @@ class TlsConfig(Config):
# synapse is using.
#
# Homeservers are permitted to cache the list of TLS fingerprints
# returned in the key responses. It may be necessary to publish the
# fingerprints of a new certificate and wait for the caches on other
# servers to expire before deploying it.
# returned in the key responses up to the "valid_until_ts" returned in
# key. It may be necessary to publish the fingerprints of a new
# certificate and wait until the "valid_until_ts" of the previous key
# responses have passed before deploying it.
tls_fingerprints: []
# tls_fingerprints: [{"sha256": "<base64_encoded_sha256_fingerprint>"}]
""" % locals()