From 1fe09b5407b527121135f2368ddcc365c010f8cd Mon Sep 17 00:00:00 2001
From: Hellojack <106379370+H1JK@users.noreply.github.com>
Date: Fri, 26 Aug 2022 18:45:31 +0800
Subject: [PATCH] Update documentation
---
 docs/configuration/shared/tls.md | 13 +++++++++++++
 docs/configuration/shared/tls.zh.md | 15 ++++++++++++++-
 2 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/docs/configuration/shared/tls.md b/docs/configuration/shared/tls.md
index a72af3ad..a8fcd5e1 100644
--- a/docs/configuration/shared/tls.md
+++ b/docs/configuration/shared/tls.md
@@ -39,6 +39,7 @@
 ```json
 {
 "enabled": true,
+ "disable_sni": false,
 "server_name": "",
 "insecure": false,
 "alpn": [],
@@ -87,6 +88,18 @@ Cipher suite values:
 Enable TLS.
+#### disable_sni
+
+Disable [Server Name Indication (SNI)](https://en.wikipedia.org/wiki/Server_Name_Indication) extension in TLS Client Hello.
+
+!!! warning ""
+
+ This may break compatibility with some networking tools or platforms, such as CDN.
+
+!!! note ""
+
+ This will prevent the server name from being leaked during the TLS handshake. But since most TLS connections on the Internet contain this extension, this may become a more obvious characteristic and can be identified by censors.
+
 #### server_name
 Used to verify the hostname on the returned certificates unless insecure is given.
diff --git a/docs/configuration/shared/tls.zh.md b/docs/configuration/shared/tls.zh.md
index 18bc2bf2..cf6029f6 100644
--- a/docs/configuration/shared/tls.zh.md
+++ b/docs/configuration/shared/tls.zh.md
@@ -39,6 +39,7 @@
 ```json
 {
 "enabled": true,
+ "disable_sni": false,
 "server_name": "",
 "insecure": false,
 "alpn": [],
@@ -87,13 +88,25 @@ TLS 版本值:
 启用 TLS
+#### disable_sni
+
+在 TLS Client Hello 中禁用 [服务器名称指示 (SNI)](https://zh.wikipedia.org/wiki/%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%90%8D%E7%A7%B0%E6%8C%87%E7%A4%BA) 扩展。
+
+!!! warning ""
+
+ 这可能破坏与某些网络工具或平台的兼容,如 CDN。
+
+!!! note ""
+
+ 这将防止主机名在 TLS 握手阶段被泄露,但是由于互联网上大部分 TLS 连接都包含这一扩展,这可能成为较明显的特征并被审查者辨认。
+
 #### server_name
 用于验证返回证书上的主机名,除非设置不安全。
 它还包含在 ClientHello 中以支持虚拟主机,除非它是 IP 地址。
-参阅 [Server Name Indication](https://en.wikipedia.org/wiki/Server_Name_Indication)。
+参阅 [服务器名称指示 (SNI)](https://zh.wikipedia.org/wiki/%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%90%8D%E7%A7%B0%E6%8C%87%E7%A4%BA)。
 #### insecure