TCP SYN flood attacks in the wild?

Sorry, when I wrote “Syncthing” I meant the whole project’s code, which includes the relay and the “normal instance”.

About the TCP exchanges, it is possible that the last ACK is lost, but that would be statistically unlikely.

The timeout does matter because if you are in a high-latency situation, connect will send the SYN and then just consider the remote unreachable after 1s and give up. The result is that the server will maintain a half-open connection for a while (I’m not sure but I think the Linux default is 1 min). If that happens a lot, this of course becomes a problem and the SYN flood protection kicks in to avoid maintaining too many idle connections in memory.

So that is currently the most plausible explanation: the short timeout for high-latency connections will cause the server to receive the SYN, and the client to give up before receiving the SYN-ACK.
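
A way to check the server side of this explanation, as an added example that is not part of the original post: it counts sockets in SYN_RECV (the half-open state) found in `/proc/net/tcp` text, per local port and per remote address. The sample lines and port 22067 are constructed, and the address decoding assumes a little-endian host.

```python
import os
import socket
import struct
from collections import Counter

TCP_SYN_RECV = 0x03  # kernel state code: SYN received, final ACK not yet seen

# Constructed sample in /proc/net/tcp layout (0x5633 = port 22067, 0x0016 = 22).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:5633 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20001
   1: 0A00000A:5633 0B00000A:C350 03 00000000:00000000 01:00000064 00000001     0        0 0
   2: 0A00000A:5633 0C00000A:C351 03 00000000:00000000 01:00000064 00000002     0        0 0
   3: 0A00000A:5633 0B00000A:C352 01 00000000:00000000 00:00000000 00000000  1000        0 20002
   4: 0A00000A:0016 0D00000A:D431 03 00000000:00000000 01:00000064 00000001     0        0 0
"""


def decode_endpoint(endpoint):
    """'0B00000A:C350' -> ('10.0.0.11', 50000). Assumes a little-endian host."""
    addr_hex, port_hex = endpoint.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def half_open(proc_net_tcp):
    """Return (per-local-port, per-remote-IP) Counters of SYN_RECV sockets."""
    by_port, by_peer = Counter(), Counter()
    for line in proc_net_tcp.splitlines():
        fields = line.split()
        # Data rows start with an index such as "12:"; this skips the header.
        if len(fields) < 4 or not fields[0].endswith(":"):
            continue
        if int(fields[3], 16) != TCP_SYN_RECV:
            continue
        _, local_port = decode_endpoint(fields[1])
        remote_ip, _ = decode_endpoint(fields[2])
        by_port[local_port] += 1
        by_peer[remote_ip] += 1
    return by_port, by_peer


if __name__ == "__main__":
    # Use the live table on Linux, otherwise fall back to the constructed sample.
    path = "/proc/net/tcp"
    text = open(path).read() if os.path.exists(path) else SAMPLE
    ports, peers = half_open(text)
    print("half-open by local port:", dict(ports))
    print("half-open by remote IP: ", dict(peers))
```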