From 6e568e11dd479576d27dc74a0f77cbc81dd5f766 Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Wed, 16 Mar 2011 14:25:45 +0100 Subject: [PATCH] README: Improve -u description. --- README | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README b/README index 444bec7..0178e5c 100644 --- a/README +++ b/README @@ -84,3 +84,7 @@ link on a different site) then the proxy just forwards the TLS connection (because it doesn't know the fingerprint for https://www.example.org/, that's how '-u' works) and you won't be aware that a different server certificate might be used! + +If you always verify the authentication of the connection this isn't a +problem, but if you only check if it's a HTTPS connection then this attack is +possible. -- 2.45.2