diff --git a/cmd/ck-client/ck-client.go b/cmd/ck-client/ck-client.go
index fbcce43..5e1c91c 100644
--- a/cmd/ck-client/ck-client.go
+++ b/cmd/ck-client/ck-client.go
@@ -242,6 +242,7 @@ func main() {
 		remotePort = os.Getenv("SS_REMOTE_PORT")
 		config = os.Getenv("SS_PLUGIN_OPTIONS")
 	} else {
+		// TODO: allow proxy method to be set here as a flag so different cloak instances may share the same config file
 		flag.StringVar(&localHost, "i", "127.0.0.1", "localHost: Cloak listens to proxy clients on this ip")
 		flag.StringVar(&localPort, "l", "1984", "localPort: Cloak listens to proxy clients on this port")
 		flag.StringVar(&remoteHost, "s", "", "remoteHost: IP of your proxy server")
@@ -312,9 +313,11 @@ func main() {
 	} else {
 		var network string
 		if udp {
-			network = "udp"
+			network = "UDP"
+			sta.Unordered = true
 		} else {
-			network = "tcp"
+			network = "TCP"
+			sta.Unordered = false
 		}
 		log.Infof("Listening on %v %v:%v for proxy clients", network, listeningIP, sta.LocalPort)
 	}
diff --git a/internal/client/state.go b/internal/client/state.go
index b5283ed..0ec16b3 100644
--- a/internal/client/state.go
+++ b/internal/client/state.go
@@ -19,7 +19,6 @@ type rawConfig struct {
 	UID              string
 	PublicKey        string
 	BrowserSig       string
-	Unordered        bool
 	NumConn          int
 }
 
@@ -29,6 +28,7 @@ type State struct {
 	LocalPort  string
 	RemoteHost string
 	RemotePort string
+	Unordered  bool
 
 	Now       func() time.Time
 	SessionID uint32
@@ -41,7 +41,6 @@ type State struct {
 	EncryptionMethod byte
 	ServerName       string
 	NumConn          int
-	Unordered        bool
 }
 
 func InitState(localHost, localPort, remoteHost, remotePort string, nowFunc func() time.Time) *State {
@@ -125,7 +124,6 @@ func (sta *State) ParseConfig(conf string) (err error) {
 	sta.ProxyMethod = preParse.ProxyMethod
 	sta.ServerName = preParse.ServerName
 	sta.NumConn = preParse.NumConn
-	sta.Unordered = preParse.Unordered
 
 	uid, err := base64.StdEncoding.DecodeString(preParse.UID)
 	if err != nil {
diff --git a/internal/server/TLS.go b/internal/server/TLS.go
index a016d40..04c24bc 100644
--- a/internal/server/TLS.go
+++ b/internal/server/TLS.go
@@ -206,7 +206,7 @@ func composeReply(ch *ClientHello, sharedSecret []byte, sessionKey []byte) ([]by
 	}
 	shBytes := addRecordLayer(sh, []byte{0x16}, TLS12)
 	ccsBytes := addRecordLayer([]byte{0x01}, []byte{0x14}, TLS12)
-	cert := make([]byte, 68) // this is always 68 bytes
+	cert := make([]byte, 68) // TODO: add some different lengths maybe?
 	rand.Read(cert)
 	encryptedCertBytes := addRecordLayer(cert, []byte{0x17}, TLS12)
 	ret := append(shBytes, ccsBytes...)