From 54c6ff1c419fffcb12ae33e45208b6dbe8914c02 Mon Sep 17 00:00:00 2001
From: Matthias Schiffer
Date: Sat, 23 Feb 2013 20:16:13 +0100
Subject: Subtract splay time to key refresh interval

A random splay time of up to 5 minutes will ensure that simultaneous handshakes with many peers are desynchronized as fast as possible.
---
 src/method_aes128_gcm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src/method_aes128_gcm.c')
diff --git a/src/method_aes128_gcm.c b/src/method_aes128_gcm.c
index 7dfabef..867e873 100644
--- a/src/method_aes128_gcm.c
+++ b/src/method_aes128_gcm.c
@@ -109,7 +109,7 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, u
 session->valid_till.tv_sec += ctx->conf->key_valid;
 session->refresh_after = ctx->now;
- session->refresh_after.tv_sec += ctx->conf->key_refresh;
+ session->refresh_after.tv_sec += ctx->conf->key_refresh - fastd_rand(ctx, 0, ctx->conf->key_refresh_splay);
 fastd_block128_t key;
 memcpy(key.b, secret, sizeof(fastd_block128_t));
--
cgit v1.2.3
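Review bot: The added `ctx->conf->key_refresh - fastd_rand(ctx, 0, ctx->conf->key_refresh_splay)` has no visible bound relating `key_refresh_splay` to `key_refresh`, so a splay configured larger than the refresh interval can put `refresh_after` at or before `ctx->now` and make every new session ask for a rekey at once, which is the synchronized handshake burst the splay is meant to avoid. Neither the configuration validation nor `fastd_rand` is shown in this hunk; if the helper reduces its result modulo `max - min`, a splay of 0 would also divide by zero, so that case is worth confirming before it is allowed as a setting. I would reject a splay greater than `key_refresh` when the configuration is loaded, or clamp it to `key_refresh` just before the subtraction. A comment on the line would also help, for example `/* jitter only shortens the interval: a session key is never used longer than key_refresh */`. `method_session_init` begins and ends outside the hunk, so any existing check elsewhere in the function is not visible here.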