China’s "gross firewall" now block connections that with the closing protocol tls in the current version 1.3 are written. Researchers have identified that analyze the continuous china’s internet nurse.
According to a team of the university of maryland, the first blockages on the 29. July observed and meanwhile became clearer how exactly the censorship expires in the case of particularly well-protected compounds. Affected is therefore only https traffic, which is protected by encrypted server name indication (esni). China’s censors can no longer recognize which servers are contacted.
Machine (still) possible
Tls 1.3 is the current version of the layer security, the successor of ssl (secure sockets layer). It had been developed – even against resistance – as a consequence of the snowden enthusiasts with the focus on a clasp of such many metadata of communication as possible. If the server name is captured by esni, a look at traffic – such as by china’s internet sensors – can no longer be determined, who is contacted at all. When hedging https connections wins tls 1.3 currently increasingly distribution.
As the analyzes of the groben firewall now suggest, china’s guided does not want to accept this blind spot. For connections where tls 1.3 and esni is used, the firewall packages drop and block the connection. This is done in both directions, both in terms of connections from abroad to chinese servers as well as from china to foreign servers. If such a connection is blocked, all further contact shots of the transmitter ip to the same reception ip and the receiver port for two or three minutes are prevented.
With methods of machine learning, the researchers according to their own data have found several possibilities to bypass blockages with 100% success rate – both server and client-sided. How exactly, describe in your article. However, they also point out that there are no strategies that will have a long-term success: the cat and mouse game will continue.