Great Firewall of China now blocks HTTPS traffic that uses TLS 1.3 and ESNI


China's national firewall has added HTTPS traffic that uses TLS 1.3 with ESNI to its blocking list

The Great Firewall of China is the combination of legislative actions and technologies enforced by the People's Republic of China to regulate the Internet domestically. Its role in Internet censorship in China is to block access to selected foreign websites and to slow down cross-border internet traffic. Its effects include limiting access to foreign information sources, blocking foreign internet tools (e.g. Google search, Facebook, Twitter, Wikipedia, and others) and mobile apps, and requiring foreign companies to adapt to domestic regulations.

The Chinese regime has now updated its national firewall so that it also blocks HTTPS traffic that uses TLS 1.3 with ESNI. The trigger is the ESNI extension itself, not TLS 1.3 as such: HTTPS traffic is still allowed through the Great Firewall if it uses older versions of the protocol, such as TLS 1.1 or 1.2, or if it still sends the hostname in a plaintext SNI (Server Name Indication) field, as a TLS 1.3 connection without ESNI does.

“We confirm that the Great Firewall (GFW) of China has recently begun blocking ESNI—one of the foundational features of TLS 1.3 and HTTPS. We empirically demonstrate what triggers this censorship and how long residual censorship lasts,” say the authors of the report.

TLS, or Transport Layer Security, is the protocol on which HTTPS (Hypertext Transfer Protocol Secure) is built. It lets a browser verify who it is communicating with and prevents any intermediary on the path from reading the data being exchanged.

So why is China blocking the new version of TLS? In a normal TLS handshake the client sends the hostname it wants to reach in the SNI field of its ClientHello, in plaintext, and that field is what filters such as the Great Firewall read to decide which HTTPS connections to block. According to reports, in HTTPS connections that are set up via the new TLS version 1.3, the SNI field can be hidden via ESNI, the encrypted version of the old SNI. As TLS 1.3 usage continues to grow around the web, HTTPS traffic that uses TLS 1.3 with ESNI is giving Chinese censors headaches, as they are now finding it harder to filter HTTPS traffic and control which content the Chinese population can access.

“TLS 1.3 introduced Encrypted SNI (ESNI) that, put simply, encrypts the SNI so that intermediaries cannot view it. ESNI has the potential to complicate nation-states’ abilities to censor HTTPS content; rather than be able to block only connections to specific websites, ESNI would require censors to block all TLS connections to specific servers. We do confirm that this is now happening in China!” reveals the report.
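To make the mechanism described above concrete, here is an added example in Python; it is not code from this article or from the report it quotes. It builds constructed TLS ClientHello records, parses out the fields a filtering box keys on (the plaintext SNI, the offered protocol versions and whether an ESNI extension is present), and then applies the kind of decision the article describes: drop a connection when its plaintext SNI is on a blocklist, or drop it outright when the hostname is hidden behind ESNI, because a censor can then no longer tell which site is being requested. The extension codepoint 0xffce is the one used by the IETF ESNI drafts; the blocklist, hostnames and ESNI payload bytes are constructed samples, and `censor_verdict` is an assumed model of such a filter, not the Great Firewall's actual logic.

```python
import struct

# TLS constants used below.
RECORD_HANDSHAKE = 0x16
HANDSHAKE_CLIENT_HELLO = 0x01
EXT_SERVER_NAME = 0x0000
EXT_SUPPORTED_VERSIONS = 0x002b
EXT_ESNI = 0xffce          # encrypted_server_name codepoint from the IETF ESNI drafts
TLS12 = 0x0303
TLS13 = 0x0304


def _u16(n):
    return struct.pack("!H", n)


def build_client_hello(sni=None, esni=False, versions=(TLS13, TLS12)):
    """Build a minimal, constructed TLS record carrying a ClientHello.

    sni      -- hostname for a plaintext server_name extension, or None to omit it
    esni     -- if True, add an encrypted_server_name extension (opaque dummy body)
    versions -- values advertised in supported_versions (TLS 1.3 clients send this)
    """
    exts = b""
    if sni is not None:
        name = sni.encode()
        entry = b"\x00" + _u16(len(name)) + name          # name_type 0 = host_name
        exts += _u16(EXT_SERVER_NAME) + _u16(len(entry) + 2) + _u16(len(entry)) + entry
    vers = b"".join(_u16(v) for v in versions)
    exts += _u16(EXT_SUPPORTED_VERSIONS) + _u16(len(vers) + 1) + bytes([len(vers)]) + vers
    if esni:
        # A real ESNI extension carries a ClientEncryptedSNI struct. The filter below
        # never decrypts it, it only needs the extension type, so a dummy body suffices.
        body = b"\x13\x01" + b"\x00" * 30                 # constructed sample bytes
        exts += _u16(EXT_ESNI) + _u16(len(body)) + body
    hello = (
        _u16(TLS12)                 # legacy_version
        + bytes(32)                 # random (zeros; constructed sample)
        + b"\x00"                   # empty legacy_session_id
        + _u16(2) + _u16(0x1301)    # cipher_suites: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"               # compression_methods: null only
        + _u16(len(exts)) + exts
    )
    handshake = bytes([HANDSHAKE_CLIENT_HELLO]) + len(hello).to_bytes(3, "big") + hello
    # Record layer: handshake content type, legacy record version 0x0301, length, payload.
    return bytes([RECORD_HANDSHAKE]) + b"\x03\x01" + _u16(len(handshake)) + handshake


def parse_client_hello(record):
    """Extract what a DPI box keys on: plaintext SNI, ESNI presence, offered versions.

    Returns None if the record is not a handshake record carrying a ClientHello.
    """
    if len(record) < 5 or record[0] != RECORD_HANDSHAKE:
        return None
    (rec_len,) = struct.unpack("!H", record[3:5])
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != HANDSHAKE_CLIENT_HELLO:
        return None
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    pos = 2 + 32                                   # skip legacy_version + random
    pos += 1 + body[pos]                           # skip legacy_session_id
    (cs_len,) = struct.unpack("!H", body[pos:pos + 2])
    pos += 2 + cs_len                              # skip cipher_suites
    pos += 1 + body[pos]                           # skip compression_methods
    (ext_len,) = struct.unpack("!H", body[pos:pos + 2])
    pos += 2
    end = pos + ext_len
    info = {"sni": None, "esni": False, "versions": [TLS12]}
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        if etype == EXT_SERVER_NAME and len(data) >= 5 and data[2] == 0:
            (nlen,) = struct.unpack("!H", data[3:5])
            info["sni"] = data[5:5 + nlen].decode("ascii", "replace")
        elif etype == EXT_SUPPORTED_VERSIONS and data:
            n = data[0]
            info["versions"] = [struct.unpack("!H", data[1 + i:3 + i])[0] for i in range(0, n, 2)]
        elif etype == EXT_ESNI:
            info["esni"] = True
    return info


def censor_verdict(record, blocklist):
    """Assumed model of the filtering the article describes (not the GFW's real logic):
    drop on a blocklisted plaintext SNI, and drop any ClientHello that hides the
    hostname with ESNI, since the censor can no longer tell which site is requested."""
    info = parse_client_hello(record)
    if info is None:
        return ("pass", "not a ClientHello")
    if info["esni"]:
        return ("drop", "ESNI extension present")
    if info["sni"] in blocklist:
        return ("drop", "SNI %s is blocklisted" % info["sni"])
    return ("pass", "SNI %s allowed" % info["sni"])


BLOCKLIST = {"blocked.example"}   # constructed sample blocklist

if __name__ == "__main__":
    for label, rec in [
        ("TLS 1.3, plaintext SNI", build_client_hello("example.com")),
        ("TLS 1.3, blocklisted SNI", build_client_hello("blocked.example")),
        ("TLS 1.3, ESNI", build_client_hello(None, esni=True)),
    ]:
        print(label, "->", censor_verdict(rec, BLOCKLIST))
```

Running the block shows the point the report makes: the TLS 1.3 connection with a plaintext SNI passes (or is dropped only when that SNI is on the list), while the ESNI connection is dropped without the filter ever learning the hostname, which is exactly why a censor that wants to keep per-site blocking ends up blocking ESNI wholesale.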

What do you think about the blocking of the updated version of TLS? Let us know in the comments section below. For more news on tech and cybersecurity, stay tuned to Android Rookies by subscribing to our newsletter.

