The Chinese government has updated its national censorship tool, also known as the Great Firewall. It now blocks HTTPS connections that use new and tap-proof protocols and technologies. The changes have apparently been in place for more than a week, according to the University of Maryland, iYouPort and the Great Firewall Report.
The changes are aimed specifically at data traffic that was encrypted with the current version 1.3 of Transport Layer Security (TLS). The Encrypted Server Name Indication (ENSI) technology is also blocked. The latter is an extension of TLS 1.3 that is intended to prevent Internet service providers from determining which websites users are visiting.
The censors do not bother data traffic that is protected by TLS 1.1 or 1.2. The non-encrypted version of the Server Name Indication Extension (SNI) is also still permitted. Because in this combination it is still possible to read out the domain names that are to be visited, because they are still transmitted in clear text at the beginning of the connection negotiation.
The domain name information is the basis for the state internet filter. TLS 1.3 with ENSI makes it difficult to filter HTTPS data traffic and block users in China from certain websites or to keep certain content away from them.
However, the spread of TLS 1.3 is steadily increasing. At the beginning of July, Qualys SSL Labs determined a share of 31.7 percent. TLS 1.0, 1.1 and 1.2 are more common.
iYouPort, the University of Maryland and the Great Firewall Report found six techniques that clients can use to bypass the Great Firewall’s TLS 1.3 block. There should be four options on the server side. “Unfortunately, these specific strategies are unlikely to be long-term solutions,” stated the three organizations. The cat-and-mouse game will continue and China will continue to expand the censorship functions of the Great Firewall.
Slack collaboration platform: work efficiently – no matter where
Before COVID-19, remote work was almost unthinkable for many companies. Today they have recognized that it can work very well if the framework conditions are right. In this webinar you will learn how you can optimally react to the changed working conditions with the Slack collaboration solution.