7 comments

[ 1.6 ms ] story [ 33.6 ms ] thread
Up until now, I thought "The Great Firewall" was limited to layer 2, layer 3, and just layer-7 DNS controls.

The capability described in this article sounds more like a full layer-7 MITM.

That's terrifying. Is any HTTPS secure within mainlan China's networks?

Or am I misunderstanding, and it's just the government websites that are blocking incoming TLS 1.3 connections?

Some further explanation here: https://geneva.cs.umd.edu/posts/china-censors-esni/esni/

Looks like it's L4?

That link was fascinating to me. For as long as I remember, there have been tools to evade network intrusion detection systems and stateful firewalls, but I never thought about how the same techniques can be used to evade censorship.
GFW has been all layer for a long time, including actively re-probing and connecting back to a server from random (really, virtually any CN IP space).

HTTPS is somewhat secure, but subject to MITM. Most Chinese forks of browsers ignore certificate errors and allow everything through.

Would I be safe from this type of MITM attack if my browser respects SSL warnings? (and I don't bypass them)
Generally yes.

But remember with SNI they know exactly what website you're visiting.

This is our fault for taking so long with ESNI.