The nonces in the TCP handshake are not used as described in the documentation. Instead of using the nonce the client sent to the server, the server uses its own nonce to encrypt the packages sent to the client. The nonce sent to the server by the client is used by the client for messages sent to the server (see irungentoo/toxcore/TCP_client.c#L385).
This does not match the documentation and could also be a risk when it comes to replay attacks.
The nonce sent from the server to the client is used by the server (and not by the client).
Imo, this should be changed in toxcore.