X-Git-Url: https://ruderich.org/simon/gitweb/?p=tlsproxy%2Ftlsproxy.git;a=blobdiff_plain;f=README;fp=README;h=0178e5c8f97a7caff3f3041cb50e4751ac10bc52;hp=444bec794b59e0573ac4b69f8bc13cc26c665aa5;hb=6e568e11dd479576d27dc74a0f77cbc81dd5f766;hpb=17eaccf9d2388fa7e0131ad83868666119b6f2c9

diff --git a/README b/README
index 444bec7..0178e5c 100644
--- a/README
+++ b/README
@@ -84,3 +84,7 @@ link on a different site) then the proxy just forwards the TLS connection
 (because it doesn't know the fingerprint for https://www.example.org/, that's
 how '-u' works) and you won't be aware that a different server certificate
 might be used!
+
+If you always verify the authentication of the connection this isn't a
+problem, but if you only check if it's a HTTPS connection then this attack is
+possible.