diff --git a/.travis.yml b/.travis.yml
index 503d829..a9648db 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,15 +1,10 @@
 language: go
 go:
-  - 1.1
+  - 1.3
 install:
-  - go get github.com/cyfdecyf/leakybuf
   - go get code.google.com/p/go.crypto/blowfish
   - go get code.google.com/p/go.crypto/cast5
-  - pushd $TRAVIS_BUILD_DIR
   - go install ./cmd/shadowsocks-local
   - go install ./cmd/shadowsocks-server
-  - popd
 script:
-  - pushd $TRAVIS_BUILD_DIR
   - PATH=$PATH:$HOME/gopath/bin bash -x ./script/test.sh
-  - popd
diff --git a/CHANGELOG b/CHANGELOG
index e9f800c..72826e9 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,7 @@
+1.1.2 (2014-09-21)
+    * Support new encryption method "rc4-md5"
+    * Use aes-256-cfb as default encryption method for command line app
+
 1.1.1 (2013-07-12)
     * Add -b option to limit listen address for client
     * Fix can't override server address on command line
diff --git a/README.md b/README.md
index 7de9007..11aabc5 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # shadowsocks-go
 
-Current version: 1.1.1 [![Build Status](https://travis-ci.org/shadowsocks/shadowsocks-go.png?branch=master)](https://travis-ci.org/shadowsocks/shadowsocks-go)
+Current version: 1.1.2 [![Build Status](https://travis-ci.org/shadowsocks/shadowsocks-go.png?branch=master)](https://travis-ci.org/shadowsocks/shadowsocks-go)
 
 shadowsocks-go is a lightweight tunnel proxy which can help you get through firewalls. It is a port of [shadowsocks](https://github.com/clowwindy/shadowsocks).
 
@@ -23,7 +23,7 @@ go get github.com/shadowsocks/shadowsocks-go/cmd/shadowsocks-server
 go get github.com/shadowsocks/shadowsocks-go/cmd/shadowsocks-local
 ```
 
-It's recommend to disable cgo when compiling shadowsocks-go. This will prevent the go runtime from creating too many threads for dns lookup.
+It's recommended to disable cgo when compiling shadowsocks-go. This will prevent the go runtime from creating too many threads for dns lookup.
 
 # Usage
 
@@ -35,8 +35,8 @@ Configuration file is in json format and has the same syntax with [shadowsocks-n
 server          your server ip or hostname
 server_port     server port
 local_port      local socks5 proxy port
-method          encryption method, null by default, the following methods are supported:
-                    aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, cast5-cfb, des-cfb, rc4
+method          encryption method, null by default (table), the following methods are supported:
+                    aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, cast5-cfb, des-cfb, rc4-md5, rc4, table
 password        a password used to encrypt transfer
 timeout         server option, in seconds
 ```
@@ -51,9 +51,9 @@ SOCKS5 127.0.0.1:local_port
 
 ## About encryption methods
 
-AES is recommended for shadowsocks-go. ([Intel AES Instruction Set](http://en.wikipedia.org/wiki/AES_instruction_set) will be used if available and can make encryption/decryption fast.)
+AES is recommended for shadowsocks-go. [Intel AES Instruction Set](http://en.wikipedia.org/wiki/AES_instruction_set) will be used if available and can make encryption/decryption very fast. To be more specific, **`aes-128-cfb` is recommended as it is faster and [secure enough](https://www.schneier.com/blog/archives/2009/07/another_new_aes.html)**.
 
-**rc4 and table encryption methods are deprecated because they are not secure**.
+**rc4 and table encryption methods are deprecated because they are not secure.**
 
 ## Command line options
 
@@ -61,10 +61,10 @@ Command line options can override settings from configuration files. Use `-h` op
 
 ```
 shadowsocks-local -s server_address -p server_port -k password
-    -m rc4 -c config.json
+    -m aes-128-cfb -c config.json
     -b local_address -l local_port
 shadowsocks-server -p server_port -k password
-    -m rc4 -c config.json
+    -m aes-128-cfb -c config.json
     -t timeout
 ```
 
diff --git a/cmd/shadowsocks-local/local.go b/cmd/shadowsocks-local/local.go
index 68ec07d..e0336a4 100644
--- a/cmd/shadowsocks-local/local.go
+++ b/cmd/shadowsocks-local/local.go
@@ -355,7 +355,7 @@ func main() {
 	flag.StringVar(&cmdConfig.Password, "k", "", "password")
 	flag.IntVar(&cmdConfig.ServerPort, "p", 0, "server port")
 	flag.IntVar(&cmdConfig.LocalPort, "l", 0, "local socks5 proxy port")
-	flag.StringVar(&cmdConfig.Method, "m", "", "encryption method, use empty string or rc4")
+	flag.StringVar(&cmdConfig.Method, "m", "aes-256-cfb", "encryption method")
 	flag.BoolVar((*bool)(&debug), "d", false, "print debug message")
 
 	flag.Parse()
diff --git a/cmd/shadowsocks-server/server.go b/cmd/shadowsocks-server/server.go
index a7889c1..391d2b2 100644
--- a/cmd/shadowsocks-server/server.go
+++ b/cmd/shadowsocks-server/server.go
@@ -57,7 +57,7 @@ func getRequest(conn *ss.Conn) (host string, extra []byte, err error) {
 	case typeDm:
 		reqLen = int(buf[idDmLen]) + lenDmBase
 	default:
-		err = errors.New(fmt.Sprintf("addr type %d not supported", buf[idType]))
+		err = fmt.Errorf("addr type %d not supported", buf[idType])
 		return
 	}
 
@@ -322,7 +322,7 @@ func main() {
 	flag.StringVar(&cmdConfig.Password, "k", "", "password")
 	flag.IntVar(&cmdConfig.ServerPort, "p", 0, "server port")
 	flag.IntVar(&cmdConfig.Timeout, "t", 60, "connection timeout (in seconds)")
-	flag.StringVar(&cmdConfig.Method, "m", "", "encryption method, use empty string or rc4")
+	flag.StringVar(&cmdConfig.Method, "m", "aes-256-cfb", "encryption method")
 	flag.IntVar(&core, "core", 0, "maximum number of CPU cores to use, default is determinied by Go runtime")
 	flag.BoolVar((*bool)(&debug), "d", false, "print debug message")
 
diff --git a/config.json b/config.json
index 0a9f319..8475f08 100644
--- a/config.json
+++ b/config.json
@@ -3,5 +3,6 @@
     "server_port":8388,
     "local_port":1080,
     "password":"barfoo!",
+    "method": "aes-128-cfb",
     "timeout":600
 }
diff --git a/sample-config/client-multi-server.json b/sample-config/client-multi-server.json
index 3b534e1..21e2058 100644
--- a/sample-config/client-multi-server.json
+++ b/sample-config/client-multi-server.json
@@ -1,7 +1,7 @@
 {
-	"local_port":1081,
+	"local_port": 1081,
 	"server_password": [
 		["127.0.0.1:8387", "foobar"],
-		["127.0.0.1:8388", "barfoo", "rc4"]
+		["127.0.0.1:8388", "barfoo", "aes-128-cfb"]
 	]
 }
diff --git a/sample-config/server-multi-port.json b/sample-config/server-multi-port.json
index 1ef4f64..39ac351 100644
--- a/sample-config/server-multi-port.json
+++ b/sample-config/server-multi-port.json
@@ -3,5 +3,6 @@
 		"8387": "foobar",
 		"8388": "barfoo"
 	},
-	"timeout": 600,
+	"method": "aes-128-cfb",
+	"timeout": 600
 }
diff --git a/script/build.sh b/script/build.sh
index 75d00ec..207b4cf 100755
--- a/script/build.sh
+++ b/script/build.sh
@@ -51,11 +51,11 @@ build windows 386 win32 local
 
 build linux amd64 linux64 server
 build linux 386 linux32 server
-#build darwin amd64 mac64 server
+build darwin amd64 mac64 server
 build windows amd64 win64 server
 build windows 386 win32 server
 
-script/createdeb.sh amd64
-script/createdeb.sh 386
-mv shadowsocks-go_$version-1-*.deb bin/
-rm -rf shadowsocks-go_$version-1*
+#script/createdeb.sh amd64
+#script/createdeb.sh i386
+#mv shadowsocks-go_$version-1-*.deb bin/
+#rm -rf shadowsocks-go_$version-1*
diff --git a/script/createdeb.sh b/script/createdeb.sh
index fb02278..92a061c 100755
--- a/script/createdeb.sh
+++ b/script/createdeb.sh
@@ -13,7 +13,7 @@ export GOOS=linux
 
 arch=$1
 case $arch in
-    386)
+    i386)
         export GOARCH=386
         ;;
     amd64)
diff --git a/script/http.go b/script/http.go
new file mode 100644
index 0000000..6ae6f4d
--- /dev/null
+++ b/script/http.go
@@ -0,0 +1,21 @@
+/* Simple http server for testing. */
+package main
+
+import (
+	"fmt"
+	"net/http"
+	"os"
+)
+
+func handler(w http.ResponseWriter, r *http.Request) {
+	fmt.Fprintf(w, "Hello, shadowsocks-go!")
+}
+
+func main() {
+	if len(os.Args) != 2 {
+		fmt.Println("Usage: http <port>")
+		os.Exit(1)
+	}
+	http.HandleFunc("/", handler)
+	http.ListenAndServe("127.0.0.1:"+os.Args[1], nil)
+}
diff --git a/script/test.sh b/script/test.sh
index 0286a0a..4a28832 100755
--- a/script/test.sh
+++ b/script/test.sh
@@ -1,8 +1,22 @@
 #!/bin/bash
 
+# Run in the scripts directory.
+cd "$( dirname "${BASH_SOURCE[0]}" )"
+
 OPTION="-p 8389 -k foobar"
 LOCAL_PORT="1090"
 SOCKS="127.0.0.1:$LOCAL_PORT"
+HTTP_PORT="8123"
+
+start_http_server() {
+    go build http.go
+    ./http $HTTP_PORT &
+    http_pid=$!
+}
+
+stop_http_server() {
+    kill -SIGTERM $http_pid
+}
 
 test_get() {
     local url
@@ -45,23 +59,36 @@ test_shadowsocks() {
     $LOCAL $OPTION -s 127.0.0.1 -l $LOCAL_PORT -m "$method" &
     local_pid=$!
 
-    # wait server and client finish startup
-    sleep 1
+    # Wait server and client finish startup.
+    sleeptime=0.1
+    if [ -n "$TRAVIS" ]; then
+        # On Travis we need to wait a little longer.
+        sleeptime=1
+    elif echo $SERVER $LOCAL | grep 'py'; then
+        # The python version is slow to start.
+        if [[ $method == "table" ]]; then
+            sleeptime=2
+        else
+            sleeptime=0.5
+        fi
+    fi
+    echo $sleeptime
+    sleep $sleeptime
 
     for i in {1..3}; do
-        if ! test_get $url "<html"; then
+        if ! test_get $url "shadowsocks-go"; then
             kill -SIGTERM $server_pid
             kill -SIGTERM $local_pid
+            stop_http_server
             exit 1
         fi
-        sleep 0.3
     done
     echo "=============================="
     echo "GET $url $method passed"
     echo "=============================="
     kill -SIGTERM $server_pid
     kill -SIGTERM $local_pid
-    sleep 1
+    sleep 0.1
 }
 
 test_server_local_pair() {
@@ -70,37 +97,32 @@ test_server_local_pair() {
     echo "============================================================"
 
     local url
-    if [[ -z "$TRAVIS" ]]; then
-        url="www.baidu.com"
-    else
-        # on travis
-        url="www.google.com"
-    fi
-    test_shadowsocks baidu.com table
-    test_shadowsocks baidu.com rc4
-    test_shadowsocks baidu.com aes-128-cfb
-    test_shadowsocks baidu.com aes-192-cfb
-    test_shadowsocks baidu.com aes-256-cfb
-    test_shadowsocks baidu.com bf-cfb
-    test_shadowsocks baidu.com des-cfb
-    test_shadowsocks baidu.com cast5-cfb
+    url=http://127.0.0.1:$HTTP_PORT/README.md
+    test_shadowsocks $url table
+    test_shadowsocks $url rc4
+    test_shadowsocks $url rc4-md5
+    test_shadowsocks $url aes-128-cfb
+    test_shadowsocks $url aes-192-cfb
+    test_shadowsocks $url aes-256-cfb
+    test_shadowsocks $url bf-cfb
+    test_shadowsocks $url des-cfb
+    test_shadowsocks $url cast5-cfb
 }
 
+start_http_server
+
 SERVER="shadowsocks-server"
 LOCAL="shadowsocks-local"
 test_server_local_pair
 
-if [[ -n $SS_NODEJS ]]; then
-    pushd $SS_NODEJS
-
-    SERVER="node server.js"
+if [[ -n $SS_PYTHON ]]; then
+    SERVER="$SS_PYTHON/server.py"
     LOCAL="shadowsocks-local"
     test_server_local_pair
 
     SERVER="shadowsocks-server"
-    LOCAL="node local.js"
+    LOCAL="$SS_PYTHON/local.py"
     test_server_local_pair
-
-    popd $SS_NODEJS
 fi
 
+stop_http_server
diff --git a/shadowsocks/config_test.go b/shadowsocks/config_test.go
index ba495a3..1dcef0c 100644
--- a/shadowsocks/config_test.go
+++ b/shadowsocks/config_test.go
@@ -5,7 +5,7 @@ import (
 )
 
 func TestConfigJson(t *testing.T) {
-	config, err := ParseConfig("testdata/config.json")
+	config, err := ParseConfig("../config.json")
 	if err != nil {
 		t.Fatal("error parsing config.json:", err)
 	}
@@ -13,8 +13,11 @@ func TestConfigJson(t *testing.T) {
 	if config.Password != "barfoo!" {
 		t.Error("wrong password from config")
 	}
-	if config.Timeout != 0 {
-		t.Error("tiemout should default to 0")
+	if config.Timeout != 600 {
+		t.Error("timeout should be 600")
+	}
+	if config.Method != "aes-128-cfb" {
+		t.Error("method should be aes-128-cfb")
 	}
 	srvArr := config.GetServerArray()
 	if len(srvArr) != 1 || srvArr[0] != "127.0.0.1" {
@@ -25,7 +28,7 @@ func TestConfigJson(t *testing.T) {
 func TestServerMultiPort(t *testing.T) {
 	config, err := ParseConfig("../sample-config/server-multi-port.json")
 	if err != nil {
-		t.Fatal("error parsing multi server-multi-port.json:", err)
+		t.Fatal("error parsing ../sample-config/server-multi-port.json:", err)
 	}
 
 	if config.PortPassword["8387"] != "foobar" {
@@ -85,7 +88,7 @@ func TestClientMultiServerArray(t *testing.T) {
 	if sv[1] != "barfoo" {
 		t.Error("server_password 2nd server passwd wrong")
 	}
-	if sv[2] != "rc4" {
+	if sv[2] != "aes-128-cfb" {
 		t.Error("server_password 2nd server enc method wrong")
 	}
 }
diff --git a/shadowsocks/conn.go b/shadowsocks/conn.go
index fbd124a..b0b58e7 100644
--- a/shadowsocks/conn.go
+++ b/shadowsocks/conn.go
@@ -2,7 +2,6 @@ package shadowsocks
 
 import (
 	"encoding/binary"
-	"errors"
 	"fmt"
 	"io"
 	"net"
@@ -21,13 +20,11 @@ func NewConn(cn net.Conn, cipher *Cipher) *Conn {
 func RawAddr(addr string) (buf []byte, err error) {
 	host, portStr, err := net.SplitHostPort(addr)
 	if err != nil {
-		return nil, errors.New(
-			fmt.Sprintf("shadowsocks: address error %s %v", addr, err))
+		return nil, fmt.Errorf("shadowsocks: address error %s %v", addr, err)
 	}
 	port, err := strconv.Atoi(portStr)
 	if err != nil {
-		return nil, errors.New(
-			fmt.Sprintf("shadowsocks: invalid port %s", addr))
+		return nil, fmt.Errorf("shadowsocks: invalid port %s", addr)
 	}
 
 	hostLen := len(host)
@@ -65,7 +62,7 @@ func Dial(addr, server string, cipher *Cipher) (c *Conn, err error) {
 	return DialWithRawAddr(ra, server, cipher)
 }
 
-func (c Conn) Read(b []byte) (n int, err error) {
+func (c *Conn) Read(b []byte) (n int, err error) {
 	if c.dec == nil {
 		iv := make([]byte, c.info.ivLen)
 		if _, err = io.ReadFull(c.Conn, iv); err != nil {
@@ -83,19 +80,24 @@ func (c Conn) Read(b []byte) (n int, err error) {
 	return
 }
 
-func (c Conn) Write(b []byte) (n int, err error) {
+func (c *Conn) Write(b []byte) (n int, err error) {
+	var cipherData []byte
+	dataStart := 0
 	if c.enc == nil {
 		var iv []byte
 		iv, err = c.initEncrypt()
 		if err != nil {
 			return
 		}
-		if _, err = c.Conn.Write(iv); err != nil {
-			return
-		}
+		// Put initialization vector in buffer, do a single write to send both
+		// iv and data.
+		cipherData = make([]byte, len(b)+len(iv))
+		copy(cipherData, iv)
+		dataStart = len(iv)
+	} else {
+		cipherData = make([]byte, len(b))
 	}
-	cipherData := make([]byte, len(b))
-	c.encrypt(cipherData, b)
+	c.encrypt(cipherData[dataStart:], b)
 	n, err = c.Conn.Write(cipherData)
 	return
 }
diff --git a/shadowsocks/encrypt.go b/shadowsocks/encrypt.go
index c189d77..a5bf34b 100644
--- a/shadowsocks/encrypt.go
+++ b/shadowsocks/encrypt.go
@@ -89,38 +89,76 @@ func newRC4Cipher(key []byte) (enc, dec cipher.Stream, err error) {
 	return rc4Enc, &rc4Dec, nil
 }
 
-// Ciphers from go.crypto has NewCipher returning specific type of cipher
-// instead of cipher.Block, so we need to have the following adapter
-// functions.
-// The specific cipher types makes it possible to use Copy to optimize cipher
-// initialization.
+type DecOrEnc int
 
-func newBlowFishCipher(key []byte) (cipher.Block, error) {
-	return blowfish.NewCipher(key)
+const (
+	Decrypt DecOrEnc = iota
+	Encrypt
+)
+
+func newStream(block cipher.Block, err error, key, iv []byte,
+	doe DecOrEnc) (cipher.Stream, error) {
+	if err != nil {
+		return nil, err
+	}
+	if doe == Encrypt {
+		return cipher.NewCFBEncrypter(block, iv), nil
+	} else {
+		return cipher.NewCFBDecrypter(block, iv), nil
+	}
 }
 
-func newCast5Cipher(key []byte) (cipher.Block, error) {
-	return cast5.NewCipher(key)
+func newAESStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+	block, err := aes.NewCipher(key)
+	return newStream(block, err, key, iv, doe)
+}
+
+func newDESStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+	block, err := des.NewCipher(key)
+	return newStream(block, err, key, iv, doe)
+}
+
+func newBlowFishStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+	block, err := blowfish.NewCipher(key)
+	return newStream(block, err, key, iv, doe)
+}
+
+func newCast5Stream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+	block, err := cast5.NewCipher(key)
+	return newStream(block, err, key, iv, doe)
+}
+
+func newRC4MD5Stream(key, iv []byte, _ DecOrEnc) (cipher.Stream, error) {
+	h := md5.New()
+	h.Write(key)
+	h.Write(iv)
+	rc4key := h.Sum(nil)
+
+	return rc4.NewCipher(rc4key)
 }
 
 type cipherInfo struct {
-	keyLen   int
-	ivLen    int
-	newBlock func([]byte) (cipher.Block, error)
+	keyLen    int
+	ivLen     int
+	newStream func(key, iv []byte, doe DecOrEnc) (cipher.Stream, error)
 }
 
 var cipherMethod = map[string]*cipherInfo{
-	"aes-128-cfb": {16, 16, aes.NewCipher},
-	"aes-192-cfb": {24, 16, aes.NewCipher},
-	"aes-256-cfb": {32, 16, aes.NewCipher},
-	"bf-cfb":      {16, 8, newBlowFishCipher},
-	"cast5-cfb":   {16, 8, newCast5Cipher},
-	"des-cfb":     {8, 8, des.NewCipher},
+	"aes-128-cfb": {16, 16, newAESStream},
+	"aes-192-cfb": {24, 16, newAESStream},
+	"aes-256-cfb": {32, 16, newAESStream},
+	"des-cfb":     {8, 8, newDESStream},
+	"bf-cfb":      {16, 8, newBlowFishStream},
+	"cast5-cfb":   {16, 8, newCast5Stream},
+	"rc4-md5":     {16, 16, newRC4MD5Stream},
 	"rc4":         {16, 0, nil},
-	"":            {16, 0, nil}, // table encryption
+	"table":       {16, 0, nil},
 }
 
 func CheckCipherMethod(method string) error {
+	if method == "" {
+		method = "table"
+	}
 	_, ok := cipherMethod[method]
 	if !ok {
 		return errors.New("Unsupported encryption method: " + method)
@@ -142,6 +180,9 @@ func NewCipher(method, password string) (c *Cipher, err error) {
 	if password == "" {
 		return nil, errEmptyPassword
 	}
+	if method == "" {
+		method = "table"
+	}
 	mi, ok := cipherMethod[method]
 	if !ok {
 		return nil, errors.New("Unsupported encryption method: " + method)
@@ -151,8 +192,8 @@ func NewCipher(method, password string) (c *Cipher, err error) {
 
 	c = &Cipher{key: key, info: mi}
 
-	if mi.newBlock == nil {
-		if method == "" {
+	if mi.newStream == nil {
+		if method == "table" {
 			c.enc, c.dec = newTableCipher(key)
 		} else if method == "rc4" {
 			c.enc, c.dec, err = newRC4Cipher(key)
@@ -165,26 +206,21 @@ func NewCipher(method, password string) (c *Cipher, err error) {
 }
 
 // Initializes the block cipher with CFB mode, returns IV.
-func (c *Cipher) initEncrypt() ([]byte, error) {
-	iv := make([]byte, c.info.ivLen)
+func (c *Cipher) initEncrypt() (iv []byte, err error) {
+	iv = make([]byte, c.info.ivLen)
 	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
 		return nil, err
 	}
-	block, err := c.info.newBlock(c.key)
+	c.enc, err = c.info.newStream(c.key, iv, Encrypt)
 	if err != nil {
 		return nil, err
 	}
-	c.enc = cipher.NewCFBEncrypter(block, iv)
-	return iv, nil
+	return
 }
 
-func (c *Cipher) initDecrypt(iv []byte) error {
-	block, err := c.info.newBlock(c.key)
-	if err != nil {
-		return err
-	}
-	c.dec = cipher.NewCFBDecrypter(block, iv)
-	return nil
+func (c *Cipher) initDecrypt(iv []byte) (err error) {
+	c.dec, err = c.info.newStream(c.key, iv, Decrypt)
+	return
 }
 
 func (c *Cipher) encrypt(dst, src []byte) {
diff --git a/shadowsocks/encrypt_test.go b/shadowsocks/encrypt_test.go
index c000cd1..b2583d3 100644
--- a/shadowsocks/encrypt_test.go
+++ b/shadowsocks/encrypt_test.go
@@ -163,30 +163,30 @@ func benchmarkCipherInit(b *testing.B, ci *cipherInfo) {
 
 func BenchmarkAES128Init(b *testing.B) {
 	ci := cipherMethod["aes-128-cfb"]
-	benchmarkCipherInit(b, &ci)
+	benchmarkCipherInit(b, ci)
 }
 
 func BenchmarkAES192Init(b *testing.B) {
 	ci := cipherMethod["aes-192-cfb"]
-	benchmarkCipherInit(b, &ci)
+	benchmarkCipherInit(b, ci)
 }
 
 func BenchmarkAES256Init(b *testing.B) {
 	ci := cipherMethod["aes-256-cfb"]
-	benchmarkCipherInit(b, &ci)
+	benchmarkCipherInit(b, ci)
 }
 
 func BenchmarkBlowFishInit(b *testing.B) {
 	ci := cipherMethod["bf-cfb"]
-	benchmarkCipherInit(b, &ci)
+	benchmarkCipherInit(b, ci)
 }
 
 func BenchmarkCast5Init(b *testing.B) {
 	ci := cipherMethod["bf-cfb"]
-	benchmarkCipherInit(b, &ci)
+	benchmarkCipherInit(b, ci)
 }
 
 func BenchmarkDESInit(b *testing.B) {
 	ci := cipherMethod["des-cfb"]
-	benchmarkCipherInit(b, &ci)
+	benchmarkCipherInit(b, ci)
 }
diff --git a/shadowsocks/leakybuf.go b/shadowsocks/leakybuf.go
new file mode 100644
index 0000000..3c7dd8c
--- /dev/null
+++ b/shadowsocks/leakybuf.go
@@ -0,0 +1,40 @@
+// Provides leaky buffer, based on the example in Effective Go.
+package shadowsocks
+
+type LeakyBuf struct {
+	bufSize  int // size of each buffer
+	freeList chan []byte
+}
+
+// NewLeakyBuf creates a leaky buffer which can hold at most n buffer, each
+// with bufSize bytes.
+func NewLeakyBuf(n, bufSize int) *LeakyBuf {
+	return &LeakyBuf{
+		bufSize:  bufSize,
+		freeList: make(chan []byte, n),
+	}
+}
+
+// Get returns a buffer from the leaky buffer or create a new buffer.
+func (lb *LeakyBuf) Get() (b []byte) {
+	select {
+	case b = <-lb.freeList:
+	default:
+		b = make([]byte, lb.bufSize)
+	}
+	return
+}
+
+// Put add the buffer into the free buffer pool for reuse. Panic if the buffer
+// size is not the same with the leaky buffer's. This is intended to expose
+// error usage of leaky buffer.
+func (lb *LeakyBuf) Put(b []byte) {
+	if len(b) != lb.bufSize {
+		panic("invalid buffer size that's put into leaky buffer")
+	}
+	select {
+	case lb.freeList <- b:
+	default:
+	}
+	return
+}
diff --git a/shadowsocks/pipe.go b/shadowsocks/pipe.go
index f41ce8f..35f356f 100644
--- a/shadowsocks/pipe.go
+++ b/shadowsocks/pipe.go
@@ -2,7 +2,6 @@ package shadowsocks
 
 import (
 	// "io"
-	"github.com/cyfdecyf/leakybuf"
 	"net"
 	"time"
 )
@@ -21,7 +20,7 @@ func SetReadTimeout(c net.Conn) {
 const bufSize = 4096
 const nBuf = 2048
 
-var pipeBuf = leakybuf.NewLeakyBuf(nBuf, bufSize)
+var pipeBuf = NewLeakyBuf(nBuf, bufSize)
 
 // PipeThenClose copies data from src to dst, closes dst when done.
 func PipeThenClose(src, dst net.Conn, timeoutOpt int) {
diff --git a/shadowsocks/testdata/config.json b/shadowsocks/testdata/config.json
deleted file mode 100644
index c6c0acf..0000000
--- a/shadowsocks/testdata/config.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
-	"server":"127.0.0.1",
-	"server_port":8388,
-	"local_port":1081,
-	"password":"barfoo!"
-}
diff --git a/shadowsocks/util.go b/shadowsocks/util.go
index 801b966..a026e9f 100644
--- a/shadowsocks/util.go
+++ b/shadowsocks/util.go
@@ -7,7 +7,7 @@ import (
 )
 
 func PrintVersion() {
-	const version = "1.1.1"
+	const version = "1.1.2"
 	fmt.Println("shadowsocks-go version", version)
 }