From c4e1c1f10bb76ddd4948cda41dff8dbdea6441fd Mon Sep 17 00:00:00 2001
From: Nikolay Petrov <sungon@gmail.com>
Date: Sat, 21 Feb 2026 20:27:27 -0500
Subject: [PATCH] restrict ecdh timestamp in both directions

---
 peer.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/peer.go b/peer.go
index 8a5844d..cc07a80 100644
--- a/peer.go
+++ b/peer.go
@@ -372,7 +372,7 @@ func (p *peer) getECDHPublicKey(cfg *pbconnect.ECDHConfiguration) (*ecdh.PublicK
 
 	keyBytes, timeBytes := cfg.KeyTime[0:len(cfg.KeyTime)-8], cfg.KeyTime[len(cfg.KeyTime)-8:]
 	t := time.Unix(0, int64(binary.BigEndian.Uint64(timeBytes)))
-	if time.Since(t) > 5*time.Minute {
+	if time.Since(t).Abs() > 5*time.Minute {
 		return nil, fmt.Errorf("time verification failed")
 	}