2 files changed, 4 insertions, 3 deletions

diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example
index ae32bb0e0..ad2b9ca8a 100644
--- a/docs/conf/modules.conf.example
+++ b/docs/conf/modules.conf.example
@@ -1224,14 +1224,15 @@
 #
 # host     - A glob match for the SNI hostname to apply this policy to.
 # duration - The amount of time that the policy lasts for. Defaults to
-#            approximately two months by default.
+#            five minutes by default. You should raise this to a month
+#            or two once you know that your config is valid.
 # port     - The port on which TLS connections to the server are being
 #            accepted. You MUST have a CA-verified certificate on this
 #            port. Self signed certificates are not acceptable.
 # preload  - Whether client developers can include your certificate in
 #            preload lists.
 #
-# <sts host="*.example.com" duration="60d" port="6697" preload="yes">
+# <sts host="*.example.com" duration="5m" port="6697" preload="yes">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Join flood module: Adds support for join flood protection +j X:Y.
diff --git a/src/modules/m_ircv3_sts.cpp b/src/modules/m_ircv3_sts.cpp
index 86ea159c1..4d2839062 100644
--- a/src/modules/m_ircv3_sts.cpp
+++ b/src/modules/m_ircv3_sts.cpp
@@ -171,7 +171,7 @@ class ModuleIRCv3STS : public Module
 		if (!HasValidSSLPort(port))
 			throw ModuleException("<sts:port> must be a TLS port, at " + tag->getTagLocation());
 
-		unsigned long duration = tag->getDuration("duration", 60*60*24*30*2);
+		unsigned long duration = tag->getDuration("duration", 5*60, 60);
 		bool preload = tag->getBool("preload");
 		cap.SetPolicy(host, duration, port, preload);