readme

.cargo/config.toml

@@ -2,4 +2,8 @@
 protocol = "sparse"
 
 [build]
+# target = "x86_64-unknown-linux-gnu"
 # target = "aarch64-linux-android"
+# target = "aarch64-apple-ios"
+# target = "x86_64-pc-windows-msvc"
+# target = "x86_64-apple-darwin"

readme-cn.md

@@ -1,10 +1,12 @@
 # overtls
 
-overtls 是 [SOCKS5](https://en.wikipedia.org/wiki/SOCKS#SOCKS5) 型代理軟件，在軟件內部通過 TLS 實現數據傳輸，同時支持 TCP 和 UDP 流量轉發。
+overtls 是 [SOCKS5](https://en.wikipedia.org/wiki/SOCKS#SOCKS5) 型代理軟件，
+在軟件內部通過 TLS 實現數據傳輸，同時支持 TCP 和 UDP 流量轉發。
 
 功能齊備且代碼精簡，核心功能總共也就大概 1200 行代碼。
 
-> `OverTLS` 相當於 [SSRoT](https://github.com/ShadowsocksR-Live/shadowsocksr-native) 去掉 `SSR` 和 `SS`, 唯獨保留 `oT` 的 Rust 實現，快如閃電，穩如老狗。
+> `OverTLS` 相當於 [SSRoT](https://github.com/ShadowsocksR-Live/shadowsocksr-native) 去掉 `SSR` 和 `SS`,
+> 唯獨保留 `oT` 的 Rust 實現，快如閃電，穩如老狗。
 > ```kotlin
 >     fun isOverTLS() : Boolean =
 >         over_tls_enable && method == "none" && obfs == "plain" && protocol == "origin"
@@ -14,17 +16,18 @@ overtls 是 [SOCKS5](https://en.wikipedia.org/wiki/SOCKS#SOCKS5) 型代理軟件
 ## 原理
 
 爲了能有效騙過 [GFW](https://en.wikipedia.org/wiki/Great_Firewall)，直接使用 [TLS](https://en.wikipedia.org/wiki/Transport_Layer_Security) 作爲代理協議是最簡單的方法。
-TLS 協議是一種加密協議，它的加密方式是對稱加密，即客戶端和服務端使用相同的密鑰進行加密解密。
+TLS 協議是互聯網的數據傳輸事实上的標準，所以 GFW 不能封鎖 TLS 協議，而且 TLS 協議是一種加密協議，
+所以 GFW 不知道通過 TLS 協議傳輸的數據的內容。
 
 我們可以利用這個特性，將客戶端和服務端的加密解密過程封裝成一個代理服務，這樣就可以在 GFW 的監視下，進行加密的 TCP 和 UDP 代理。
 
 overtls 客戶端首先與 overtls 服務端建立 TLS 連接，然後 overtls 客戶端和 overtls 服務端之間的數據交換都是加密的。
 
 我們只要約定 overtls 客戶端訪問某一特定資源 uri，就認爲是要進行代理，服務端會將含有這個 uri 的數據包轉發到指定的目標地址。
 
-我們的代理就這樣達成了。
+我們的代理目的就這樣達成了。
 
-因此，overtls 服務端和 overtls 客戶端之間的數據交換是加密的，而 overtls 服務端和目標服務器之間的數據交換是明文的。
+因此，overtls 服務端和 overtls 客戶端之間的數據交換是加密的，而 overtls 服務端和目標服務器之間的數據交換是"明文"的。
 
 綜上所述，我們需要準備的東西有：
 - 一個帶公網 IP 的 VPS 主機，必須自行購買，
@@ -46,7 +49,8 @@ cargo build --release
 
 ### 服務端一鍵安裝腳本
 
-安裝前請準備好帶公網 `IP` 的 `VPS` 主機和 `域名`，並將該域名解析到此 `主機` IP 上，然後執行以下命令，按提示操作，如果一切順利，結果就將 overtls 服務端 和 `nginx` 前置代理安裝到你的主機上，並申請好了證書。
+安裝前請準備好帶公網 `IP` 的 `VPS` 主機和 `域名`，並將該域名解析到此 `主機` IP 上，然後執行以下命令，
+按提示操作，如果一切順利，結果就將 overtls 服務端 和 `nginx` 前置代理安裝到你的主機上，並申請好了證書。
 
 目前只支持 3 種 `CPU` 架構的 `Linux` 機器： `x86_64`、`armv7` 和 `arm64`。
 ```bash

readme.md

@@ -2,7 +2,8 @@
 
 [中文版](readme-cn.md)
 
-overtls is [SOCKS5](https://en.wikipedia.org/wiki/SOCKS#SOCKS5) type proxy software, which realizes data transmission through TLS inside the software and supports TCP and UDP traffic forwarding at the same time.
+overtls is a [SOCKS5](https://en.wikipedia.org/wiki/SOCKS#SOCKS5) type proxy,
+which implements data transmission through TLS and supports TCP and UDP traffic forwarding at the same time.
 
 The function is complete and the code is concise, and the core function is 1200 lines of code in total.
 
@@ -14,29 +15,40 @@ The function is complete and the code is concise, and the core function is 1200
 
 ## Principle
 
-In order to effectively deceive [GFW](https://en.wikipedia.org/wiki/Great_Firewall), directly using [TLS](https://en.wikipedia.org/wiki/Transport_Layer_Security) as a proxy protocol is the simplest way. TLS protocol is an encryption protocol, which is symmetric encryption, i.e. the client and server use the same key for encryption and decryption.
+In order to effectively deceive [GFW](https://en.wikipedia.org/wiki/Great_Firewall),
+directly using [TLS](https://en.wikipedia.org/wiki/Transport_Layer_Security) as proxy protocol is the simplest way,
+because `TLS` protocol is the data transmission standard of internet in fact,
+so the `GFW` cannot block the `TLS` protocol, and the `TLS` protocol is an encryption protocol,
+so `GFW` cannot know the content of the data transmitted through the `TLS` protocol.
 
-We can take advantage of this feature to encapsulate the encryption and decryption process on the client and server sides as a proxy service, so that encrypted TCP and UDP proxies can be performed under `GFW` surveillance.
+We can take advantage of this feature to encapsulate the encryption and decryption process on
+the client and server sides as a proxy service, so that encrypted TCP and UDP proxies can
+be performed under `GFW` surveillance.
 
-The overtls client first establishes a TLS connection with the overtls server, and then the data exchange between the overtls client and the overtls server is encrypted.
+The overtls client first establishes a TLS connection with the overtls server,
+and then the data exchange between the overtls client and the overtls server is encrypted.
 
-We simply agree that the overtls client accessing a unique resource `uri` is considered to be a proxy, and the server will forward the packets containing this `uri` to the specified destination address.
+We simply agree that the overtls client accessing a unique resource `uri` is considered to be a proxy,
+and the server will forward the packets containing this `uri` to the specified destination address.
 
 This is how our proxy is achieved.
 
-Thus, the data exchange between the overtls server and the overtls client is encrypted, while the data exchange between the overtls server and the target server is in plaintext.
+Thus, the data exchange between the overtls server and the overtls client is encrypted,
+while the data exchange between the overtls server and the target server is in "plaintext".
 
 In summary, we need to prepare the following things
--    A `VPS` host with a public `IP`, which must be purchased by yourself.
--    A `domain name`, which can be purchased or applied for free, and resolve the `domain name` to the `IP` of the `VPS` host.
--    A pair of `https` certificates/private keys, which can be purchased or applied for free at [Let's Encrypt](https://letsencrypt.org/) .
--    an http server software (such as [nginx](https://www.nginx.com/) ), and provide site resources for masquerading purposes or acting as a front `reverse proxy`.
+- A `VPS` host with a public `IP`, which must be purchased by yourself.
+- A `domain name`, which can be purchased or applied for free, and resolve the `domain name` to the `IP` of the `VPS` host.
+- A pair of `https` certificates/private keys, which can be purchased or applied for free at [Let's Encrypt](https://letsencrypt.org/) .
+- An http server software (such as [nginx](https://www.nginx.com/) ), and provide site resources for masquerading purposes or acting as a front `reverse proxy`.
 
 ## Installation
 
-Can be compiled directly from the source code, or you can download the pre-compiled binary file from the [Release page](https://github.com/shadowsocksr-live/overtls/releases).
+Can be compiled directly from the source code, or you can download the pre-compiled binary file
+from the [Release page](https://github.com/shadowsocksr-live/overtls/releases).
 
-To compile from source code, you need to install the [Rust](https://www.rust-lang.org/) programming language environment first, and then run the following command to compile the software.
+To compile from source code, you need to install the [Rust](https://www.rust-lang.org/)
+programming language environment first, and then run the following commands to compile overtls.
 
 ```bash
 git clone https://github.com/shadowsocksr-live/overtls.git
@@ -46,7 +58,10 @@ cargo build --release
 
 ## Server-side one-click installation script
 
-Before installation, please prepare a `VPS` host with a public `IP` and a `domain name`, and resolve the `domain name` to this host `IP`, then run the following command and follow the prompts, if everything goes smoothly, the result will be overtls server and nginx front proxy installed on your host, and apply for a certificate.
+Before installation, please prepare a `VPS` host with a public `IP` and a `domain name`,
+and resolve the `domain name` to this host `IP`, then run the following command and follow the prompts,
+if everything goes smoothly, the result will be overtls server and nginx front proxy installed on your host,
+and apply for a certificate.
 
 Currently only 3 `CPU` architectures of `Linux` machines are supported: `x86_64`, `armv7` and `arm64`.
 
@@ -71,7 +86,8 @@ overtls -r server -c config.json
 overtls -r client -c config.json
 ```
 
-If you want to see log info, you can create a `.env` file in current dir (`pwd`) with `RUST_LOG=overtls=trace` as content.
+If you want to see log info, you can create a `.env` file in current dir (`pwd`)
+with `RUST_LOG=overtls=trace` as content.
 
 ### Configuration file
 ```json