From 6c4f4cdee25fd00b75fabc6a324b4915f5677628 Mon Sep 17 00:00:00 2001 From: DuckSoft Date: Wed, 9 Sep 2020 11:54:29 +0800 Subject: [PATCH] Update README.md --- Socks5-TLS/README.md | 65 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 59 insertions(+), 6 deletions(-) diff --git a/Socks5-TLS/README.md b/Socks5-TLS/README.md index 74d6b07..5f3fd1c 100644 --- a/Socks5-TLS/README.md +++ b/Socks5-TLS/README.md 
@@ -1,9 +1,64 @@ -## SOCKS5 / TLS +## 关于 SOCKS5 / TLS 方案的安全提示 -### 安全提示 -该配置组合应仅供技术研究/参考使用,因为 SOCKS5 / TLS 的组合**极易受到主动探测**。 +该配置组合应仅供技术研究/参考使用,因为 **SOCKS5 over TLS 几乎不提供隐密性保证,可被简单地主动探测**。 -根据 [RFC1929](https://tools.ietf.org/html/rfc1929) 所叙,服务器对 SOCKS5 鉴权的返回格式如下: +### 探测方式 +对任意未知 TLS 业务,若怀疑其为 SOCKS5/TLS 业务,则审查者可向该端口建立一个 TLS 链接,在 TLS 内传送 SOCKS5 载荷。 + +若该服务对 SOCKS5 请求做出响应,无论是否设置 SOCKS5 的鉴权机制,审查者均可通过回包内容一次准确判断该业务是否为 SOCKS5 / TLS。 + +来自 [@studentmain](https://github.com/studentmain) 的两个典型样例对话: + +``` +-> 05 01 01 +<- 05 ff +``` + +``` +-> 05 02 00 02 +<- 05 00 / 05 02 +``` + +### 参考资料 +[RFC1928](https://tools.ietf.org/html/rfc1928) 节录如下: +``` + The client connects to the server, and sends a version + identifier/method selection message: + + +----+----------+----------+ + |VER | NMETHODS | METHODS | + +----+----------+----------+ + | 1 | 1 | 1 to 255 | + +----+----------+----------+ + + The VER field is set to X'05' for this version of the protocol. The + NMETHODS field contains the number of method identifier octets that + appear in the METHODS field. + + The server selects from one of the methods given in METHODS, and + sends a METHOD selection message: + + +----+--------+ + |VER | METHOD | + +----+--------+ + | 1 | 1 | + +----+--------+ + + If the selected METHOD is X'FF', none of the methods listed by the + client are acceptable, and the client MUST close the connection. + + The values currently defined for METHOD are: + + o X'00' NO AUTHENTICATION REQUIRED + o X'01' GSSAPI + o X'02' USERNAME/PASSWORD + o X'03' to X'7F' IANA ASSIGNED + o X'80' to X'FE' RESERVED FOR PRIVATE METHODS + o X'FF' NO ACCEPTABLE METHODS + +``` + +[RFC1929](https://tools.ietf.org/html/rfc1929) 节录如下: ``` The server verifies the supplied UNAME and PASSWD, and sends the @@ -19,5 +74,3 @@ `failure' (STATUS value other than X'00') status, it MUST close the connection. ``` - -如此,向可疑服务器建立 TLS 链接之后,随意发送一个鉴权请求,即可通过回包的格式断定该服务是否是 SOCKS5 / TLS。
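Review bot: In the first hunk (@@ -1,9 +1,64 @@) the two sample exchanges under 探测方式 are bare hex with no field labels, so the reader has to decode them from the RFC1928 excerpt further down. Suggest annotating each line with the fields from that excerpt: `05 01 01` is VER=05, NMETHODS=1, METHODS=01 (GSSAPI), and `05 ff` is VER=05 with METHOD=FF (no acceptable methods). It would also help to state the identifying property in one sentence: a two-byte reply whose first byte is 05 is a METHOD selection message, whichever method value follows. The line `<- 05 00 / 05 02` reads as a single reply; say explicitly that these are two alternative replies (no authentication required, or username/password). Wording: 链接 in "建立一个 TLS 链接" should be 连接, and 隐密性 looks like a typo for 隐蔽性 or 隐秘性. The new fences opened right after "节录如下:" would render more reliably with a blank line before them, and the RFC1928 excerpt carries a stray empty line before its closing fence.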
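Review bot: The second hunk (@@ -19,5 +74,3 @@) deletes the closing sentence that tied the RFC1929 reply format to the probe, but the RFC1929 excerpt itself stays under 参考资料, so it is now unreferenced. Both new sample exchanges stop at the RFC1928 method-selection step and neither reaches the username/password sub-negotiation that RFC1929 describes. Either add a sentence to 探测方式 explaining that the RFC1929 status reply is a further confirmation when the server selects method 02, or drop the RFC1929 excerpt so the reference section only backs what the probe description uses.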