diff --git a/include/haproxy/quic_conn-t.h b/include/haproxy/quic_conn-t.h
index b5ca429c9..dea013d90 100644
--- a/include/haproxy/quic_conn-t.h
+++ b/include/haproxy/quic_conn-t.h
@@ -92,7 +92,7 @@ typedef unsigned long long ull;
 /* Salt length used to derive retry token secret */
 #define QUIC_RETRY_TOKEN_SALTLEN       16 /* bytes */
 /* Retry token duration */
-#define QUIC_RETRY_DURATION_MS      10000
+#define QUIC_RETRY_DURATION_SEC       10
 /* Default Retry threshold */
 #define QUIC_DFLT_RETRY_THRESHOLD     100 /* in connection openings */
 /* Default limit of loss detection on a single frame. If exceeded, connection is closed. */
diff --git a/src/quic_conn.c b/src/quic_conn.c
index a64b967f6..3edfef767 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -5389,6 +5389,7 @@ static int parse_retry_token(struct quic_conn *qc,
 	int ret = 0;
 	uint64_t odcid_len;
 	uint32_t timestamp;
+	uint32_t now_sec = (uint32_t)date.tv_sec;
 
 	TRACE_ENTER(QUIC_EV_CONN_LPKT, qc);
 
@@ -5414,7 +5415,11 @@ static int parse_retry_token(struct quic_conn *qc,
 	}
 
 	timestamp = ntohl(read_u32(token + odcid_len));
-	if (tick_is_expired(tick_add(timestamp, MS_TO_TICKS(QUIC_RETRY_DURATION_MS)), now_ms)) {
+	/* check if elapsed time is +/- QUIC_RETRY_DURATION_SEC
+	 * to tolerate token generator is not perfectly time synced
+	 */
+	if ((uint32_t)(now_sec - timestamp) > QUIC_RETRY_DURATION_SEC &&
+            (uint32_t)(timestamp - now_sec) > QUIC_RETRY_DURATION_SEC) {
 		TRACE_ERROR("token has expired", QUIC_EV_CONN_LPKT, qc);
 		goto leave;
 	}
@@ -6358,7 +6363,7 @@ static int quic_generate_retry_token(unsigned char *token, size_t len,
 	size_t seclen = strlen(global.cluster_secret);
 	EVP_CIPHER_CTX *ctx = NULL;
 	const EVP_CIPHER *aead = EVP_aes_128_gcm();
-	uint32_t timestamp = now_ms;
+	uint32_t timestamp = (uint32_t)date.tv_sec;
 
 	TRACE_ENTER(QUIC_EV_CONN_TXPKT);