{"id":36521,"date":"2020-08-08T18:04:00","date_gmt":"2020-08-08T18:04:00","guid":{"rendered":"http:\/\/0c144962-9b5c-48e3-81b0-b151841cd90a"},"modified":"2020-08-08T18:04:00","modified_gmt":"2020-08-08T18:04:00","slug":"china-is-now-blocking-all-encrypted-https-traffic-that-uses-tls-1-3-and-esni","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/china-is-now-blocking-all-encrypted-https-traffic-that-uses-tls-1-3-and-esni\/","title":{"rendered":"China is now blocking all encrypted HTTPS traffic that uses TLS 1.3 and ESNI"},"content":{"rendered":"
\"China<\/span>
<\/span><\/figcaption><\/figure>\n

The Chinese government has deployed an update to its national censorship tool, known as the Great Firewall (GFW), to block encrypted HTTPS connections that are being set up using modern, interception-proof protocols and technologies.<\/p>\n

The ban has been in place for at least a week, since the end of July, according to a joint report published this week by three organizations tracking Chinese censorship — iYouPort<\/a>, the University of Maryland<\/a>, and the Great Firewall Report<\/a>.<\/p>\n

China now blocking HTTPS+TLS1.3+ESNI<\/h3>\n

Through the new GFW update, Chinese officials are only targeting HTTPS traffic that is being set up with new technologies like TLS 1.3<\/a> and ESNI (Encrypted Server Name Indication)<\/a>.<\/p>\n

Other HTTPS traffic is still allowed through the Great Firewall, if it uses older versions of the same protocols — such as TLS 1.1 or 1.2, or SNI (Server Name Indication).<\/p>\n

For HTTPS connections set up via these older protocols, Chinese censors can infer to what domain a user is trying to connect. This is done by looking at the (plaintext) SNI field in the early stages of an HTTPS connections. <\/p>\n

In HTTPS connections set up via the newer TLS 1.3, the SNI field can be hidden via ESNI, the encrypted version of the old SNI. As TLS 1.3 usage continues to grow around the web, HTTPS traffic where TLS 1.3 and ESNI is used is now giving Chinese sensors headaches, as they’re now finding it harder to filter HTTPS traffic and control what content the Chinese population can access.<\/p>\n

\"tls13-stats.png\"<\/span>