Skip to content

Commit

Permalink
update readme
Browse files Browse the repository at this point in the history
  • Loading branch information
@IrineSistiana
IrineSistiana committed Jul 20, 2020
1 parent 6de608d commit 1b77804
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 6 deletions.
8 changes: 4 additions & 4 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ Probably the simplest TLS plugin. It can:

- Protect and obfuscate your connections with real TLS1.3.
- Easily run as a SIP003 plugin and run on Android platform.
- Send padding data to against traffic analysis. (optional, experimental)
- Send random data packets at appropriate times. This can change the timing characteristics of data packets in one connection, which can protect you against timing traffic analysis. (optional, experimental)

---

Expand Down Expand Up @@ -43,7 +43,7 @@ You will need go v1.14 or later.

# Transfer mode (Client and server must have the same mode)
-pd
Enable padding-data more. Server will send some padding data to against traffic analysis.
Enable padding-data mode. Server will send some padding data to against traffic analysis.

# Client arguments
-n string
Expand Down Expand Up @@ -98,9 +98,9 @@ You can use `-gen-cert` to quickly generate an ECC certificate.

simple-tls -gen-cert -n certificate.dnsname -key ./my_ecc_cert.key -cert ./my_ecc_cert.cert

Or you can just start the server without `-key` and `-cert`. Server will automatically generate a temporary certificate.
Or you can just start the server without `-key` and `-cert`. Server will automatically generate a temporary certificate and store it in memory.

**Please note that:** In this case, client have to disable server certificate verify by using `-no-verify`. (Which is susceptible to man-in-the-middle attacks.) Or import generated cert as CA. See below.
**Please note that:** In those cases, client have to import generated cert as CA. See below. Or disable server certificate verify by using `-no-verify`. (not recommended, because this is susceptible to man-in-the-middle attacks.)

## How to import CA in client

Expand Down
4 changes: 2 additions & 2 deletions README_zh.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@

- 使用真正的TLS1.3协议来保护并混淆连接。
- 以SIP003插件运行。并且可用于Android系统。
- 发送填充数据来对抗流量分析。(可选,目前处于实验阶段)
- 在合适的时刻发送随机填充数据包,这能改变连接中数据包时序特征。用于对抗时序流量分析。(可选,目前处于实验阶段)

---

Expand Down Expand Up @@ -100,7 +100,7 @@

或者`-key``-cert`留空,直接启动服务端。服务端会自己生成一个临时的证书。

**请注意:** 这种情况下,客户端需用`-no-verify`禁用证书验证,有潜在MITM攻击风险。或导入之前生成的证书作为CA。见下
**请注意:** 这种情况下,客户端需要导入之前生成的证书作为CA。见下。或者`-no-verify`禁用证书验证(不建议,因为这样有潜在MITM攻击风险)

## 客户端如何导入CA证书

Expand Down

0 comments on commit 1b77804

Please sign in to comment.