update docs for spelling, grammar and readability

Author: Conradowatz

Docs/docs/00-Introduction.md

@@ -1,19 +1,25 @@
 # Introduction
 
-Welcome to TLS-Anvil, our test suite for (D)TLS 1.2 and 1.3 servers and clients. TLS-Anvil currently includes around 400 test cases that are based on requirements derived from various TLS related RFCs listed below as well as attacks from the past. The tests are implemented in Java using JUnit, coffee4j and TLS-Attacker and aim to detect violations of the TLS specification by TLS servers or clients.
+Welcome to **TLS-Anvil**, our comprehensive test suite for testing (D)TLS 1.2 and 1.3 servers and clients.  
+TLS-Anvil currently includes approximately 400 test cases based on requirements derived from various TLS-related RFCs, as well as from known past attacks.
 
-**RFCs covered by tests:**
-* [RFC 5246](https://datatracker.ietf.org/doc/html/rfc5246) - The Transport Layer Security (TLS) Protocol Version 1.2
-* [RFC 8446](https://datatracker.ietf.org/doc/html/rfc8446) - The Transport Layer Security (TLS) Protocol Version 1.3
-* [RFC 8701](https://datatracker.ietf.org/doc/html/rfc8701) - Applying Generate Random Extensions And Sustain Extensibility (GREASE) to TLS Extensibility
-* [RFC 7507](https://datatracker.ietf.org/doc/html/rfc7507) - TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks
-* [RFC 6066](https://datatracker.ietf.org/doc/html/rfc6066) - Transport Layer Security (TLS) Extensions: Extension Definitions
-* [RFC 7568](https://datatracker.ietf.org/doc/html/rfc7568) - Deprecating Secure Sockets Layer Version 3.0
-* [RFC 7919](https://datatracker.ietf.org/doc/html/rfc7919) - Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)
-* [RFC 7465](https://datatracker.ietf.org/doc/html/rfc7465) - Prohibiting RC4 Cipher Suites
-* [RFC 7366](https://datatracker.ietf.org/doc/html/rfc7366) - Encrypt-then-MAC for Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
-* [RFC 8422](https://datatracker.ietf.org/doc/html/rfc8422) - Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier
-* [RFC 7685](https://datatracker.ietf.org/doc/html/rfc7685) - A Transport Layer Security (TLS) ClientHello Padding Extension
-* [RFC 6176](https://datatracker.ietf.org/doc/html/rfc6176) - Prohibiting Secure Sockets Layer (SSL) Version 2.0
-* [RFC 7457](https://datatracker.ietf.org/doc/html/rfc7457) - Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS)
-* [RFC 6347](https://datatracker.ietf.org/doc/html/rfc6347) - Datagram Transport Layer Security Version 1.2
+The tests are implemented in Java using **JUnit**, **coffee4j**, and **TLS-Attacker**, and are designed to detect deviations from the TLS specification in both servers and clients.
+
+---
+
+### RFCs Covered by the Test Suite
+
+* [RFC 5246](https://datatracker.ietf.org/doc/html/rfc5246) — The Transport Layer Security (TLS) Protocol Version 1.2
+* [RFC 8446](https://datatracker.ietf.org/doc/html/rfc8446) — The Transport Layer Security (TLS) Protocol Version 1.3
+* [RFC 8701](https://datatracker.ietf.org/doc/html/rfc8701) — Applying Generate Random Extensions And Sustain Extensibility (GREASE) to TLS Extensibility
+* [RFC 7507](https://datatracker.ietf.org/doc/html/rfc7507) — TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks
+* [RFC 6066](https://datatracker.ietf.org/doc/html/rfc6066) — TLS Extensions: Extension Definitions
+* [RFC 7568](https://datatracker.ietf.org/doc/html/rfc7568) — Deprecating Secure Sockets Layer Version 3.0
+* [RFC 7919](https://datatracker.ietf.org/doc/html/rfc7919) — Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
+* [RFC 7465](https://datatracker.ietf.org/doc/html/rfc7465) — Prohibiting RC4 Cipher Suites
+* [RFC 7366](https://datatracker.ietf.org/doc/html/rfc7366) — Encrypt-then-MAC for TLS and DTLS
+* [RFC 8422](https://datatracker.ietf.org/doc/html/rfc8422) — ECC Cipher Suites for TLS Versions 1.2 and Earlier
+* [RFC 7685](https://datatracker.ietf.org/doc/html/rfc7685) — ClientHello Padding Extension
+* [RFC 6176](https://datatracker.ietf.org/doc/html/rfc6176) — Prohibiting SSL Version 2.0
+* [RFC 7457](https://datatracker.ietf.org/doc/html/rfc7457) — Summary of Known Attacks on TLS and DTLS
+* [RFC 6347](https://datatracker.ietf.org/doc/html/rfc6347) — Datagram Transport Layer Security Version 1.2

Docs/docs/01-Quick-Start/00-index.md

@@ -1,26 +1,25 @@
 # Quick Start
 
-The quick start guide is showing you how to use TLS-Anvil to test a TLS server or client.
-This is basically a two step process.
+This quick start guide demonstrates how to use **TLS-Anvil** to test a TLS server or client.  
+The process involves two main steps.
 
-First TLS-Anvil is executed to perform the tests against the OpenSSL example server and client.
-We will use OpenSSL as an example implementation here.
-TLS-Anvil as well as the OpenSSL server/client will run inside a Docker container.
-The OpenSSL server/client images are provided by the TLS-Docker-Library project which we released alongside TLS-Anvil.
-So see how you can test against other implementations that are inside the TLS-Docker-Library see [Using the TLS-Docker-Library](/docs/Docker-Library).
+First, TLS-Anvil is executed to run tests against an example TLS server and client based on OpenSSL.  
+Both TLS-Anvil and the OpenSSL server/client run inside Docker containers.
 
-The second step is to analyze the results.
-Those are going to be imported into a web application that visualizes the results for each test case.
-The application is also able to inspect every connection between TLS-Anvil and the tested target at TCP message level.
+The OpenSSL server/client images are provided by the **TLS-Docker-Library** project, which was released alongside TLS-Anvil.  
+To learn how to test against other implementations available in the TLS-Docker-Library, refer to [Using the TLS-Docker-Library](/docs/Docker-Library).
+
+The second step is analyzing the test results.  
+These results are imported into a web application that visualizes the outcomes of each test case.  
+The application also allows inspection of every connection between TLS-Anvil and the target implementation at the TCP message level.
 
 ### Requirements
 
 - Docker
-- Python *(optional, for using TLS-Docker-Library to test other implementations)*
+- Python *(optional — required only if using TLS-Docker-Library to test other implementations)*
 
 ### GitHub Repositories
 
-- [TLS-Anvil](https://github.com/tls-attacker/tls-anvil) (Testsuite)
-- [TLS-Docker-Library](https://github.com/tls-attacker/tls-docker-library) *(optional, images of TLS implementations)*
-- [Anvil-Web](https://github.com/tls-attacker/anvil-web) *(optional, for a graphical user interface and to analyze reports)*
-
+- [TLS-Anvil](https://github.com/tls-attacker/tls-anvil) — Test suite
+- [TLS-Docker-Library](https://github.com/tls-attacker/tls-docker-library) *(optional — Docker images of various TLS implementations)*
+- [Anvil-Web](https://github.com/tls-attacker/anvil-web) *(optional — graphical user interface for analyzing test reports)*

Docs/docs/01-Quick-Start/01-Server-Testing.md

@@ -1,21 +1,21 @@
 # Server Testing
 
-This site demonstrates how to test an OpenSSL server provided by the TLS-Docker-Library.
-You can of course also test other implementations, for example by [using the TLS-Docker-Library](/docs/Docker-Library) or by running your own server binary.
+This site demonstrates how to test an OpenSSL server provided by the TLS-Docker-Library.  
+You can also test other implementations, for example by [using the TLS-Docker-Library](/docs/Docker-Library) or by running your own server binary.
 
-Testing the server in the most simple form roughly takes around 10-20 minutes.
-However, this duration can increase to several depending on the strength parameter that basically defines how often a single test case is performed with different parameters.
+Testing the server in its simplest form typically takes around 10-20 minutes.  
+However, this duration may increase to several hours depending on the strength parameter, which defines how many times each test case is executed with varying parameters.
 
 ### Preparations
 
 :::info
 
-The server image we will use, is prebuilt by us using the [TLS-Docker-Library](https://github.com/tls-attacker/tls-docker-library).
-We included certificates in the container, so that you do not have to generate them yourself.
+The server image we use is prebuilt by us using the [TLS-Docker-Library](https://github.com/tls-attacker/tls-docker-library).  
+We have included certificates in the container, so you do not need to generate them yourself.
 
 :::
 
-For better compatibility, we create a dedicated docker network that is used by TLS-Anvil and the OpenSSL server container to communicate with each other.
+For better compatibility, we create a dedicated Docker network that allows TLS-Anvil and the OpenSSL server container to communicate.
 
 ```bash
 docker network create tls-anvil
@@ -25,32 +25,31 @@ docker network create tls-anvil
 
 :::info
 
-As mentioned before, we use OpenSSL as an example. In this case the server uses an RSA certificate. However, TLS-Anvil works with any certificate and automatically adapts the tests to the given circumstances.
+As mentioned before, we use OpenSSL as an example. In this case, the server uses an RSA certificate. However, TLS-Anvil supports any certificate type and automatically adapts the tests accordingly.
 
 :::
 
-Starting the server can be done with the following command. This will download a pre-built image from our GitHub registry, and run it.
+Start the server with the following command. This will download a pre-built image from our GitHub registry and run it.
 
 ```bash showLineNumbers
 docker run \
     -d \
     --rm \
     --name openssl-server \
     --network tls-anvil \
-    -v cert-data:/certs/ \
     ghcr.io/tls-attacker/openssl-server:1.1.1i \
     -port 8443 \
     -cert /certs/rsa2048cert.pem \
     -key /certs/rsa2048key.pem
 ```
 
-* Lines 2-6: Docker related command flags
-* Line 7: Specifies the Docker image from the TLS-Docker-Library
-* Lines 8-10: Those flags are passed to the OpenSSL `s_server` binary
+* Lines 2-5: Docker-related command flags
+* Line 6: Specifies the Docker image from the TLS-Docker-Library
+* Lines 7-9: Flags passed to the OpenSSL `s_server` binary
 
 ### Starting TLS-Anvil
 
-After that, TLS-Anvil is started. The current directory is mounted to the docker container and used to store the results. We connect to the server using its docker hostname `openssl-server`, which is possible since they are on the same docker network.
+Next, start TLS-Anvil. The current directory is mounted into the Docker container to store the results. We connect to the server using its Docker hostname `openssl-server`, which works because both containers are on the same Docker network.
 
 ```bash showLineNumbers
 docker run \
@@ -69,16 +68,17 @@ docker run \
     -connect openssl-server:8443
 ```
 
-* Lines 2-5: Docker related command flags
-* Line 6: Set the output directory through a docker volume
-* Line 7: Specifies the TLS-Anvil docker image
-* Line 8: Zip the results, that way we can easily import them into Anvil-Web later
-* Line 9: Since the OpenSSL example server is single threaded, we can only perform one handshakes sequentially
-* Line 10: We run our server locally, so we can reduce the timeout to 200ms.
-* Line 11: Defines the strength, i.e. the `t` for t-way combinatorial testing
-* Line 13: We want to test a server
-* Line 14: Determines the details how TLS-Anvil should connect to the server
-
-### What now?
-After the testsuite finished you should see a folder named `Results_...` which contains all the results.
-To analyze them, go to [Viewing Results](Anvil-Web).
+* Lines 2-5: Docker-related command flags
+* Line 6: Mounts the output directory as a Docker volume
+* Line 7: Specifies the TLS-Anvil Docker image
+* Line 8: Compresses the results into a zip archive for easier import into Anvil-Web later
+* Line 9: Since the OpenSSL example server is single-threaded, only one handshake is performed sequentially
+* Line 10: The server runs locally, so the connection timeout is set to 200 ms
+* Line 11: Sets the strength parameter, i.e., the `t` value for t-way combinatorial testing
+* Line 13: Specifies that we want to test a server
+* Line 14: Details how TLS-Anvil should connect to the server
+
+### What Now?
+
+After the test suite finishes, you should see a folder named `Results_...` containing all the results.  
+To analyze them, refer to [Viewing Results](Anvil-Web).

Docs/docs/01-Quick-Start/02-Client-Testing.md

@@ -1,23 +1,24 @@
 # Client Testing
 
-This site demonstrates how to test the OpenSSL client provided by the TLS-Docker-Library.
-You can of course also test other implementations, for example by [using the TLS-Docker-Library](/docs/Docker-Library) or by running your own client binary.
+This page demonstrates how to test the OpenSSL client using the TLS-Docker-Library.  
+You can also test other implementations—for example, by [using the TLS-Docker-Library](/docs/Docker-Library) or by running your own client binary.
 
-Testing the client in the most simple form roughly takes around 15 minutes.
-However, this duration can increase to several depending on the strength parameter that basically defines how often a single test case is performed with different parameters.
+Running the test suite in its simplest form typically takes around 15 minutes.  
+However, the duration may increase depending on the `strength` parameter, which defines how many variations of a single test case are executed with different parameters.
 
 ### Preparations
 
-Similar to the server test we first create a dedicated docker network that is used by the TLS-Anvil and OpenSSL client container to communicate with each other. If it is already created, no need to recreate it.
+Just like with server testing, we first create a dedicated Docker network that allows the TLS-Anvil and OpenSSL client containers to communicate.  
+If the network has already been created, you can skip this step.
 
 ```bash
 docker network create tls-anvil
 ```
 
-### Starting the TLS-Anvil container
+### Starting the TLS-Anvil Container
 
-Since the client has to connect to TLS-Anvil the test suite container is started first.
-After starting, the testsuite is waiting for the client to connect, so leave the terminal open.
+Since the client needs to connect to TLS-Anvil, the test suite container must be started first.  
+Once running, the test suite will wait for the client to connect, so keep the terminal open.
 
 ```bash showLineNumbers
 docker run \
@@ -37,30 +38,32 @@ docker run \
     -triggerScript curl --connect-timeout 2 openssl-client:8090/trigger
 ```
 
-* Lines 2-5: Docker related command flags
-* Line 6: Set the output directory through a docker volume
-* Line 7: Specifies the TLS-Anvil docker image
-* Line 8: Zip the results, that way we can easily import them into Anvil-Web later
-* Lines 9-10: Since the client can started multiple times, TLS-Anvil can run multiple tests and handshakes in parallel
-* Line 11: Defines the strength, i.e. the `t` for t-way combinatorial testing
-* Line 12: Defines an arbitrary name that is written to the report
-* Line 13: We want to test a client
-* Line 14: The port on which TLS-Anvil listens to accept requests from the client
-* Line 15: Specifies a script that is executed before each handshake, which the goal to trigger a connection from the client. See below how this works.
+* Lines 2–5: Docker-related command flags
+* Line 6: Mounts the current directory as the output directory
+* Line 7: Specifies the TLS-Anvil Docker image
+* Line 8: Compresses the results into a ZIP file for easier import into Anvil-Web
+* Lines 9–10: TLS-Anvil can run multiple tests and handshakes in parallel since the client can be started multiple times
+* Line 11: Sets the `strength` parameter for t-way combinatorial testing
+* Line 12: Defines an identifier name that appears in the test report
+* Line 13: Indicates that we are testing a client
+* Line 14: Specifies the port TLS-Anvil listens on for client connections
+* Line 15: Provides a script that is executed before each handshake to trigger a new client connection. See explanation below.
 
-### Starting the OpenSSL client container
+### Starting the OpenSSL Client Container
 
 :::info
 
-As mentioned before, we use OpenSSL as an example.
-The OpenSSL client image in this example is prebuilt using the [TLS-Docker-Library](https://github.com/tls-attacker/tls-docker-library). The entrypoint of the client images is a small HTTP server that provides two REST-API endpoints on port 8090.
-* `GET /trigger` starts the client
-* `GET /shutdown` shutdown the HTTP server to terminate the container
+As mentioned, we use OpenSSL as an example client.  
+The OpenSSL client image used here is pre-built using the [TLS-Docker-Library](https://github.com/tls-attacker/tls-docker-library).  
+Its entrypoint is a small HTTP server that exposes two REST API endpoints on port 8090:
+
+- `GET /trigger` — starts the client
+- `GET /shutdown` — shuts down the HTTP server and terminates the container
 
 :::
 
-Starting the client can be done with the following command. This will download a pre-built image from our GitHub registry, and run it.
-Since TLS-Anvil is already running, open another terminal to start the client.
+Start the client using the following command. This downloads a pre-built image from our GitHub Container Registry and runs it.  
+Since TLS-Anvil is already running, open a new terminal to start the client.
 
 ```bash showLineNumbers
 docker run \
@@ -72,10 +75,11 @@ docker run \
     -connect tls-anvil:8443
 ```
 
-* Lines 2-5: Docker related command flags
+* Lines 2–5: Docker-related command flags
 * Line 6: Specifies the OpenSSL client image from the TLS-Docker-Library
-* Line 7: This is passed to the OpenSSL `s_client` binary, which is started each time a HTTP-GET request is sent to `:8090/trigger`.
+* Line 7: This argument is passed to the OpenSSL `s_client` binary, which is executed each time a `GET /trigger` request is sent to port 8090
+
+### What Now?
 
-### What now?
-After the testsuite finished you should see a folder named `Results_...` which contains all the results.
-To analyze them, go to the next page.
+After the test suite finishes, a folder named `Results_...` will appear in your working directory.  
+This folder contains all the test results. To analyze them, proceed to the next page.