diff --git a/handshake/crypto_setup_server.go b/handshake/crypto_setup_server.go
index b9e4304f..7558cfe7 100644
--- a/handshake/crypto_setup_server.go
+++ b/handshake/crypto_setup_server.go
@@ -281,7 +281,7 @@ func (h *cryptoSetupServer) verifySTK(stk []byte) bool {
 utils.Debugf("STK invalid: %s", err.Error())
 return false
 }
- if time.Now().After(stkTime.Add(protocol.STKExpiryTimeSec * time.Second)) {
+ if time.Now().After(stkTime.Add(protocol.STKExpiryTime)) {
 return false
 }
 return true
diff --git a/handshake/crypto_setup_server_test.go b/handshake/crypto_setup_server_test.go
index 1c31a319..60bdce0b 100644
--- a/handshake/crypto_setup_server_test.go
+++ b/handshake/crypto_setup_server_test.go
@@ -441,7 +441,7 @@ var _ = Describe("Server Crypto Setup", func() {
 })
 It("REJ messages that have an expired STK", func() {
- cs.scfg.stkSource.(*mockStkSource).stkTime = time.Now().Add(-protocol.STKExpiryTimeSec * time.Second).Add(-time.Second)
+ cs.scfg.stkSource.(*mockStkSource).stkTime = time.Now().Add(-protocol.STKExpiryTime).Add(-time.Second)
 Expect(cs.isInchoateCHLO(fullCHLO, cert)).To(BeTrue())
 })
diff --git a/protocol/server_parameters.go b/protocol/server_parameters.go
index 334938a6..116d27e0 100644
--- a/protocol/server_parameters.go
+++ b/protocol/server_parameters.go
@@ -84,8 +84,8 @@ const SkipPacketAveragePeriodLength PacketNumber = 500
 // MaxTrackedSkippedPackets is the maximum number of skipped packet numbers the SentPacketHandler keep track of for Optimistic ACK attack mitigation
 const MaxTrackedSkippedPackets = 10
-// STKExpiryTimeSec is the valid time of a source address token in seconds
-const STKExpiryTimeSec = 24 * 60 * 60
+// STKExpiryTime is the valid time of a source address token
+const STKExpiryTime = 24 * time.Hour
 // MaxTrackedSentPackets is maximum number of sent packets saved for either later retransmission or entropy calculation
 const MaxTrackedSentPackets = 2 * DefaultMaxCongestionWindow
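Review bot: In verifySTK (handshake/crypto_setup_server.go) the expiry branch returns false without logging, while the decode-failure branch just above it logs `STK invalid`, so debug output cannot tell a stale token from an undecodable one. Adding `utils.Debugf("STK expired")` before that `return false` would keep the two rejection causes separable when handshake failures are investigated. The comparison also has no lower bound: if stkTime can be ahead of the local clock (a clock step, or several servers sharing the token key, neither visible here), the token is accepted for longer than protocol.STKExpiryTime. verifySTK starts above the hunk, so how stkTime is decoded and authenticated is not shown.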
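Review bot: The new doc comment on STKExpiryTime in protocol/server_parameters.go says only "the valid time", which no longer states what the period is measured from now that "in seconds" has been dropped. A wording such as `// STKExpiryTime is how long a source address token is accepted after the time recorded in it.` would state the bound that verifySTK enforces. The constant is exported, so removing the name STKExpiryTimeSec breaks any importer outside this diff; if the protocol package is used externally (not visible here), the rename deserves a changelog entry.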