Feature: add force-cert-verify to general config

force verify TLS Certificate, prevent machine-in-the-middle attacks.
2022-05-19 02:32:37 +08:00
parent 03499fcea6
commit d11d28c358
5 changed files with 56 additions and 31 deletions
--- a/README.md
+++ b/README.md
@@ -36,6 +36,13 @@
 Documentations are now moved to [GitHub Wiki](https://github.com/Dreamacro/clash/wiki).

 ## Advanced usage for this branch
+### General configuration
+```yaml
+sniffing: true # Sniff TLS SNI
+
+force-cert-verify: true # force verify TLS Certificate, prevent machine-in-the-middle attacks
+```
+
 ### MITM configuration
 A root CA certificate is required, the 
 MITM proxy server will generate a CA certificate file and a CA private key file in your Clash home directory, you can use your own certificate replace it. 
@@ -247,12 +254,6 @@ proxies:
    # skip-cert-verify: true
 ```

-### Sniffing configuration
-Sniff TLS SNI.
-```yaml
-sniffing: true
-```
-
 ### IPTABLES configuration
 Work on Linux OS who's supported `iptables`