From 1b77804f4f7540782e7050d0c6f74217049fbfa2 Mon Sep 17 00:00:00 2001 From: IrineSistiana <49315432+IrineSistiana@users.noreply.github.com> Date: Mon, 20 Jul 2020 10:56:01 +0800 Subject: [PATCH] update readme --- README.md | 8 ++++---- README_zh.md | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 4fb7489..6d375c0 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ Probably the simplest TLS plugin. It can: - Protect and obfuscate your connections with real TLS1.3. - Easily run as a SIP003 plugin and run on Android platform. -- Send padding data to against traffic analysis. (optional, experimental) +- Send random data packets at appropriate times. This can change the timing characteristics of data packets in one connection, which can protect you against timing traffic analysis. (optional, experimental) --- @@ -43,7 +43,7 @@ You will need go v1.14 or later. # Transfer mode (Client and server must have the same mode) -pd - Enable padding-data more. Server will send some padding data to against traffic analysis. + Enable padding-data mode. Server will send some padding data to against traffic analysis. # Client arguments -n string @@ -98,9 +98,9 @@ You can use `-gen-cert` to quickly generate an ECC certificate. simple-tls -gen-cert -n certificate.dnsname -key ./my_ecc_cert.key -cert ./my_ecc_cert.cert -Or you can just start the server without `-key` and `-cert`. Server will automatically generate a temporary certificate. +Or you can just start the server without `-key` and `-cert`. Server will automatically generate a temporary certificate and store it in memory. -**Please note that:** In this case, client have to disable server certificate verify by using `-no-verify`. (Which is susceptible to man-in-the-middle attacks.) Or import generated cert as CA. See below. +**Please note that:** In those cases, client have to import generated cert as CA. See below. Or disable server certificate verify by using `-no-verify`. (not recommended, because this is susceptible to man-in-the-middle attacks.) ## How to import CA in client diff --git a/README_zh.md b/README_zh.md index cc9178b..3884da5 100644 --- a/README_zh.md +++ b/README_zh.md @@ -8,7 +8,7 @@ - 使用真正的TLS1.3协议来保护并混淆连接。 - 以SIP003插件运行。并且可用于Android系统。 -- 发送填充数据来对抗流量分析。(可选,目前处于实验阶段) +- 在合适的时刻发送随机填充数据包,这能改变连接中数据包时序特征。用于对抗时序流量分析。(可选,目前处于实验阶段) --- @@ -100,7 +100,7 @@ 或者`-key`和`-cert`留空,直接启动服务端。服务端会自己生成一个临时的证书。 -**请注意:** 这种情况下,客户端需用`-no-verify`禁用证书验证,有潜在MITM攻击风险。或导入之前生成的证书作为CA。见下。 +**请注意:** 这种情况下,客户端需要导入之前生成的证书作为CA。见下。或者`-no-verify`禁用证书验证(不建议,因为这样有潜在MITM攻击风险)。 ## 客户端如何导入CA证书