TCP Fast Open: the server should periodically change the encryption key used to generate the TFO cookies, so as to prevent attackers harvesting many cookies over time to use in a coordinated attack against the server.
How can I get the default period(if it exists) or set it on Linux?
As far as I understand, there are two ways to set the TCP Fast Open keys in Linux - system-wide and per-socket.
If the application is aware of TCP Fast Open, the application can ask for TCP Fast Open behavior using the TCP_FASTOPEN option in setsockopt(). When that is set, as can be seen in the implementation of do_tcp_setsockopt, the key is generated by calling tcp_fastopen_init_key_once() from some random bytes.
As far as I understand, the application can re-generate the key by calling setsockopt() again with TCP_FASTOPEN or, alternatively, set a specific key by calling TCP_FASTOPEN_KEY with the correct key data. You can also do that initially, instead of setting TCP_FASTOPEN. I'm guessing TCP_FASTOPEN_KEY is useful for syncing keys across a cluster of unicast servers.
You can use the sysctl tunable net.ipv4.tcp_fastopen_key to set a system-wide TFO key to be used by processes that are not aware of TFO. Here is a discussion in Wikimedia's tech wiki of TFO - which I assume is for managing Wikimedia's servers TFO support - at the end of it they have sample code to update the system TFO key.
In Linux there is no planned rotation of TCP Fast Open keys - it is either the responsibility of the application, or the sys admin has to set up something.
As far as I understand, if the application is TFO-aware, then that is it - the application is responsible for whatever security measures they use and the system administrator cannot override that. This make sense to me as it lowers the cost of controlling and syncing TFO keys in a custom software cluster environment.
In Linux, as of version 5.3, there are two TFO keys - a primary and a backup. This was done to reduce the cost of resetting the key - every time you reset the key, the previous key is copied to the backup position, so that if a client that has a cookie with the old key sends a SYN, that packet would still be valid. So if you want to flush all cookies on all clients, you'd need to set the TFO key twice.
