X-Git-Url: https://ruderich.org/simon/gitweb/?p=tlsproxy%2Ftlsproxy.git;a=blobdiff_plain;f=README;h=f72eca02910eb361426f9d2af293471039ac497e;hp=31d64f9f8e022fe6e538bc846f15dcc246d20023;hb=7eba49d24d56288d83746f3f0ce383d7c0c36552;hpb=2c6f390decf78aeddfd8d652e32343e7b11f0f06 diff --git a/README b/README index 31d64f9..f72eca0 100644 --- a/README +++ b/README @@ -24,6 +24,7 @@ This creates the following files: - `proxy-ca.pem`: CA which is used for all connections to the client - `proxy-ca-key.pem`: private key for the CA +- `proxy-dh.pem`: Diffie-Hellman parameters for the proxy - `proxy-key.pem`: private key for the proxy - `proxy-invalid.pem`: special certificate used for invalid pages @@ -90,6 +91,11 @@ If you always verify the authentication of the connection this isn't a problem, but if you only check if it's a HTTPS connection then this attack is possible. +Another issue is embedded active content, like JavaScript. If the website +includes data from a different host (e.g. a different sub-domain), for which +tlsproxy has no certificate, then an attacker can MITM that connection and +inject JavaScript with unknown consequences into the browser. + KNOWN ISSUES ------------ @@ -110,7 +116,7 @@ LICENSE tlsproxy is licensed under GPL version 3 or later. -Copyright (C) 2011-2013 Simon Ruderich +Copyright (C) 2011-2014 Simon Ruderich This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by
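Review bot: in the first hunk (`@@ -24,6 +24,7`, the list of created files), the new `proxy-dh.pem` entry does not say whether the file needs the same protection as `proxy-ca-key.pem` and `proxy-key.pem` listed around it, nor what size of parameters is generated. Diffie-Hellman parameters are public values, so the entry could say that directly, for example "`proxy-dh.pem`: Diffie-Hellman parameters for the proxy (not secret)", and state the size. Because the list describes files produced by a setup step, a sentence for users who ran that step before this change and therefore lack the file would also help.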
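Review bot: in the second hunk (`@@ -90,6 +91,11`), "inject JavaScript with unknown consequences" is too vague for a security note, and the paragraph ends without telling the reader what to do about it. A script that the page loads runs in that page's origin, so it can read or change content that arrived over the verified connection; saying that plainly makes the risk concrete. Suggest also stating what the user should do for hosts "for which tlsproxy has no certificate", or, if there is no mitigation yet, listing this under the KNOWN ISSUES heading that follows.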