China Is Now Blocking All Encrypted HTTPS Traffic That Uses TLS 1.3 and ESNI (zdnet.com) 103
China's Great Firewall "is now blocking HTTPS connections set up via the new TLS 1.3 encryption protocol and which use ESNI (Encrypted Server Name Indication)," reports ZDNet:
The block has been in place for more than a week, according to a joint report authored by three organizations tracking Chinese censorship — iYouPort, the University of Maryland, and the Great Firewall Report. ZDNet also confirmed the report's findings with two additional sources — namely members of a U.S. telecommunications provider and an internet exchange point (IXP) — using instructions provided in a mailing list...
The reason for the ban is obvious for experts. HTTPS connections negotiated via TLS 1.3 and ESNI prevent third-party observers from detecting what website a user is attempting to access. This effectively blinds the Chinese government's Great Firewall surveillance tool from seeing what users are doing online.
There is a myth surrounding HTTPS connections that network observers (such as internet service providers) cannot see what users are doing. This is technically incorrect. While HTTPS connections are encrypted and prevent network observers from viewing/reading the contents of an HTTPS connection, there is a short period before HTTPS connections are established when third-parties can detect to what server the user is connecting. This is done by looking at the HTTPS connection's SNI (Server Name Indication) field.
In HTTPS connections negotiated via older versions of the TLS protocol (such as TLS 1.1 and TLS 1.2), the SNI field is visible in plaintext.
The reason for the ban is obvious for experts. HTTPS connections negotiated via TLS 1.3 and ESNI prevent third-party observers from detecting what website a user is attempting to access. This effectively blinds the Chinese government's Great Firewall surveillance tool from seeing what users are doing online.
There is a myth surrounding HTTPS connections that network observers (such as internet service providers) cannot see what users are doing. This is technically incorrect. While HTTPS connections are encrypted and prevent network observers from viewing/reading the contents of an HTTPS connection, there is a short period before HTTPS connections are established when third-parties can detect to what server the user is connecting. This is done by looking at the HTTPS connection's SNI (Server Name Indication) field.
In HTTPS connections negotiated via older versions of the TLS protocol (such as TLS 1.1 and TLS 1.2), the SNI field is visible in plaintext.
Re: (Score:2)
Well why didn't he?
Re: (Score:1)
Re: (Score:1)
Re: (Score:1)
Just set your threshold so you don't see them and don't think about it
Re: (Score:3)
Ironically, I wrote a post defending Slashdot’s hands-off approach to these things, but I couldn’t submit the post because the “lameness filter” wouldn’t allow it, and no amount of edits made it go away ... yet the 18 swastikas are not, apparently, lame.
I stand corrected,
So yeah, apparently Slashdot does wholeheartedly endorse the swastika stuff. To the point that they consider it “lame” to even suggest otherwise.
*shrug*
Re:Damn Trump (Score:5, Insightful)
Orange man bad: Let me count the ways. Eviscerating environmental protections to attempt to save a dying industry, coal mines, and opening previously environmentally protected areas for industry rape. Lying his ass off, he's told over 20,000 falsehoods in 3.5 yrs. Admittedly, they aren't all lies, some are simply testament to his stupidity. Packing the federal judges in an effort to recreate the society of the 1950s, which is great if you are not a minority or a woman. Cuddling up to his minder Putin to point of being Putin's Poodle. Somehow he's knows more than the U.S. intelligence agencies. Screwing up the SARS-CoV-2 response to the point that the U.S. has more cases than every other country. Sticking his finger in the military justice system and not allowing a man who shot civilians in cold blood to be drummed out of the military. Admittedly, the military justice system should have drummed him out long ago. Pardoning his political lapdogs. Corrupting the U.S. Department of Justice to make it the Department of Alleged President Protective Agency. Sending storm troopers to Portland to increase the violence so he could claim to be "saving" the city. Screwing peaceful protesters outside the White House so he could set up a photo op with a Bible in front of a church. Making open racism by the right wing nuts a protected freedom. Defending gun nuts marching on the Michigan capitol to intimate the politicians dealing with an epidemic. Turning an epidemic into a culture war so that now there's not a chance in hell of reducing the epidemic before a vaccine arrives.
Need I go on. There's plenty more. Yes, Orange man bad.
Re: (Score:2)
Exactly. Orange Man Bad. Why do you bother writing a wall of drivel? No one is reading that.
So you're responding to comments without even reading them? How odd, that's exactly what I expect from a reich-wing trumpanzee... or a fifty-center doing an impression of one.
Re: (Score:2)
What is a "fifty-center"? You guys have labels for everything?
Yes. So does everyone else. They're called "names". HTH, HAND: https://en.wikipedia.org/wiki/... [wikipedia.org]
Helping other agencies too (Score:5, Interesting)
By doing this they are also helping other agencies, who may be watching the same traffic. Everyone wins.
Re: (Score:1)
That's a great point. It's still kind of tangential but it wouldn't take much to get to a solid equivalence argument or even put the blame exactly where it belongs; The United States.
Blame America First!
Re: (Score:1)
No, we only do 37.2% of all the stupid shit
Re: (Score:2)
The second derivative is looking pretty steep of late, though...
Re: (Score:2)
Re: (Score:2)
By doing this they are also helping other agencies, who may be watching the same traffic. Everyone wins.
Not really. It just means Chinese users no longer have access to any U.S. websites that aren't rich enough to have a dedicated web server with its own IP and, where applicable, a paid Cloudflare plan. The downgrade detection ensures that China can't force browsers to a lower TLS version, and it's not like anyone is going to choose not to upgrade their web server because of something done by the Chinese government. So basically, most of the Internet is going to go dark in China.
I can't find any current nu
Server IP address still in the clear (Score:5, Insightful)
ESNI is a good thing, and it can be very useful when you're connecting to an IP that hosts a lot of virtual servers, or is a reverse proxy for a bunch of different services, but most of the time the IP address of the server tells observers exactly where you're going. I doubt it seriously degrades the Great Firewall's use as a surveillance tool. However, blocking it will likely slow adoption a bit.
Re: (Score:3)
Often not, when you have large CDNs who put thousands of sites behind the same IPs. It's not practical to give each customer their own IP unless you're exclusively using IPv6.
Re: (Score:2)
Re: (Score:1)
Re:Server IP address still in the clear (Score:5, Informative)
A (too) large portion of the web is MITM'd by CloudFlare, which reuses a pool of IP addresses for its customers.
Cloudflare (Score:2)
"servers, or is a reverse proxy for a bunch of different services, but most of the time the IP address of the server tells observers" that you're connecting to Cloudflare.
That's the third piece of the puzzle. Encrypted DNS, TLS 1.3, and a widely used CDN IP (DNS over TLS is technically more sensible, but DNS over HTTPS seems to be where we're headed).
Re:Cloudflare (Score:5, Informative)
No, it's a third piece of pointless wank: Encrypted DNS does nothing when the very next thing your browser does is go to the address that the DNS lookup was for. It reveals the plaintext of the encrypted DNS query immediately after it gets the ciphertext.
It's also pretty easy to de-anonymise both ESNI and DoH based on traffic analysis and fingerprinting, there have been a number of papers published on this. The fact that China is blocking TLS 1.3 just means that their MITM proxies can't do 1.3 yet, nothing to do with the fig-leaf that is ESNI.
Re: (Score:3)
Re:Cloudflare (Score:4, Informative)
It reveals the IP address, not the host. Obviously if the host has an exclusive IP address it's as good as the hostname, but for multiple virtual hosts using the same IP address it gives a level of privacy.
Only if your opponent isn't doing web site/traffic fingerprinting. Which seems unlikely if they're already doing DNS interception. So it's an illusion of security that most likely isn't there. In other words either no-one's watching and you don't need it, or someone's watching and it's not helping much. Sort of like a car seat belt that snaps if it's needed.
Re: (Score:2)
Only if your opponent isn't doing web site/traffic fingerprinting.
Fingerprinting only causes a small problem. ESNI is not perfect, but is still useful, and it still provides privacy and prevents censorship based on hostname when accessing HTTPS hostnames that have not yet been found out by whomever is doing some sort of fingerprinting.
If the website is not all that popular, and the people censoring/monitoring are not provided away to enumerate the lists of hosts or domain names on a server... the ce
Cloudflare - read the subject, if not the post (Score:2)
> the very next thing your browser does is go to the address that the DNS lookup was for
I see that you not only didn't read the post you replied to, you didn't even read the subject line. Let me fix the sentence for you:
The very next thing your browser does is go to Cloudflare
Re: (Score:2)
Thanks to the widespread use of CDNs the majority of connections are to shared servers now.
Re: (Score:2)
but most of the time the IP address of the server tells observers exactly where you're going
Sorry but this is far from true "most" of the time. For "most" of the internet traffic in the world at best you'll find out who the CDN provider is. For much of the rest you'll find who the traditional hosting provider is. The 1-to-1 relationship between a DNS name and an IP address is getting very rare on the internet.
Collateral Damage Networks (Score:2)
The point is that making automatic censorship decisions based primarily on "who the CDN provider is" will cause a country's automatic censorship system to block innocent websites. This makes the Internet less useful to its citizens in such a way as to make its export industry less competitive.
Re: (Score:2)
Not for long, because we're slowly heading into an IPv6 world, where such things no longer exist. Reusing IP addresses is an IPv4 problem - there's no need to do this stuff when you go to IPv
Re: (Score:2)
Re:Commie bastards. (Score:4, Interesting)
I get the impression many countries are looking at what China does and want to emulate it, chief amongst those the USA but they contract it out to tech corporations to get passed the constitution in quite a criminal and corrupt fashion. You know what they say, when in doubt, sneaker net. Beware the internet and ease of being naughty, do not get trapped, do not make mistakes. If you are going to do silly shite, always put backdoor software on your main PC to prove it was hacked and use another portable device to do stuff, booting and running from USB just in case and controlling your main PC, naughty hackers ;D.
Re: (Score:3)
You think the proceedings against you will care if your machine was provably hacked? I don't.
Re: (Score:2)
Re: (Score:2, Interesting)
I'm sure the Chinese people will defeat this. To hell with the CCP.
Why would they? Chinese people are pretty much content with the CCP.
Re: Commie bastards. (Score:3, Insightful)
Bullshit.
If you are raised naked, in a lightless basement, never taught to walk or speak, and eat out of a dog bowl, you're "content" with that too. We know, because that's exactly what happened at a Romainan orphanage.
You cannot be not OK with it, if you don't even know what could be. If you're raised into it, it seems "just... normal".
Now think about all the things you merely grew into, in US society, and as a person in your school and among your parents.
Note how much you never thought about. Note how you
Re: (Score:2)
If you are raised naked, in a lightless basement, never taught to walk or speak, and eat out of a dog bowl, you're "content" with that too.
Such condescension... Do you seriously think that Chinese people have no idea about the West? That a billion people, each with a mobile smartphone, have no idea about the US and other democratic countries?
Of course they do. Chinese people in general just don't think that democracy is worth the bother.
Re: (Score:3)
Re: (Score:2)
Good thing there aren't many of those.
Re: (Score:2)
the largest number of foreign tourists are Chinese...
You think they all walk around with their eyes closed?
If all you do is look then you can get the impression that what differentiates the USA and China is decadence.
Re: (Score:2)
Well that, and also the United States has much better roadside bathrooms:
https://www.youtube.com/watch?... [youtube.com]
Re: (Score:2)
So what you're saying is the GP's post is 100% correct and Chinese people are content with it, and you even provided an example of an atrocity to back up the GP's statement?
What part of it is bullshit again?
Re: (Score:1)
Re:Commie bastards. (Score:5, Informative)
Re: (Score:1)
Big migration to the cities? Farm mechanization becoming a thing?
Re: (Score:2)
Let me try to explain what Cyberax is getting at: "People on Mainland China are generally content with the CCP rule, mostly because they see how it" was successful at organizing a "big migration to the cities" and deploying "farm mechanization".
Re: (Score:2)
People on Mainland China are generally content with the CCP rule, mostly because they don't understand that despite how non-CCP people in China transformed China from a poor starving country into a leading global power, the CCP has been a massive drag on their lives.
TFTFY...
Re: (Score:2)
People on Mainland China are generally content with the CCP rule, mostly because they don't understand that despite how non-CCP people in China transformed China from a poor starving country into a leading global power, the CCP has been a massive drag on their lives.
Most ordinary people in China basically don't interact with the CCP. It exists but doesn't bother them (and vice versa). So how would that drag be apparent?
It's also not at all clear that replacing the CCP with something else would help. India had a GDP per capita comparable with China in the early 90-s, and now China has 5x greater GDP. Yet India is a democracy (not the greatest one, but still).
Re: (Score:2)
The drag of the CCP is from their economic decisions, mostly because they were the ones making them from above, rather than allowing individuals to cooperate and decide. Huge drag early on (with the resulting starvation, etc...), less as they liberalized the economy (in the market sense) under Deng Xiaoping in the 1980s, a bit more again lately as they've made missteps of capital investments and government-run companies making mistakes which have wasted huge amounts of resources (see also "ghost" cities no
Re: (Score:2)
The drag of the CCP is from their economic decisions, mostly because they were the ones making them from above, rather than allowing individuals to cooperate and decide.
China has been fiercely capitalist at small and medium scale for the last 30 years or so. If you want to open a regular business in China, nobody would stop you (assuming you have Chinese citizenship, of course). China right now has middle class that is comparable (in percentage!) with the US, for FSM's sake!
Huge drag early on (with the resulting starvation, etc...), less as they liberalized the economy (in the market sense) under Deng Xiaoping in the 1980s
Mass starvation in China ended in mid-1960-s. Most people who are alive in China haven't seen these times or don't remember them.
a bit more again lately as they've made missteps of capital investments and government-run companies making mistakes which have wasted huge amounts of resources (see also "ghost" cities no one lives in).
These mistakes don't really affect ordinary people. Sure, they might have
Re: (Score:2)
China Ghost Cities [lmgtfy.com]
Re: (Score:2)
Really? Why doesn't the CCP hold elections then?
Re: (Score:2)
Re: (Score:2)
I doubt the Chinese people will defeat this anytime soon. There does not appear to be an active opposition in China. As long as the CCP delivers economic benefits, the people appear quiescent.
Chinese in general seemed to be okay with taking Tibet away from the Tibetans. They don't mind screwing the Uighers. No, they wouldn't like those tactics applied to them, but as long as it is those Other People, they seem perfectly fine with it. They are no better than the Japanese during WWII. The Japanese right now a
Re: (Score:2)
Re: (Score:2)
He hasn't banned any "services". He's prohibited a couple of companies from doing business with U.S. companies and individuals if they don't divest their U.S. operations so that they are no longer controlled by the Chinese government and Communist Party.
So there's not need for, nor anyone looking to, do anything on a network level.
Using vTLS1.2, No China (Score:5, Interesting)
TLS 1.3 and Do* must be paired for perfect privacy (Score:5, Insightful)
TLS 1.3 prevents an eavesdropper from knowing which site you are connecting to. DoTLS or DoH prevent them from knowing which site you are about to connect to. They are a matched pair. You need both to accomplish the goal.
The pros and cons of accomplishing this goal is a different conversation.
DNS over $encryption isn't all that useful without TLS 1.3 and vice versa, they go together.
Re: (Score:2)
Deprecate TLS 1.3 today (Score:1)
Now all we need to do is immediately deprecate all TLS 1.3 and we have the best of both worlds. Great security for us and avoid the need to section off China, they'll do it to themselves when they block everything.
Re:Deprecate TLS 1.3 today (Score:5, Insightful)
Now all we need to do is immediately deprecate all NON-TLS 1.3
FTFY.
Re: (Score:2)
Now all we need to do is immediately deprecate all NON-TLS 1.3
FTFY.
Is there something wrong with TLS 1.2 that renders it not fit for purpose? If the answer is no who it served by reducing agility in the event problems unique to TLS 1.3 are discovered?
Re: (Score:2)
It's already pretty close to everything. TLS 1.3 has downgrade protection, so browsers issue a security warning if you hit a TLS 1.3-aware site through a downgrading firewall using current versions of... I think all major browsers at this point. So they've already deprecated TLS 1.2 and earlier except when hitting websites that truly don't support TLS 1.3.
And most websites use ESNI. Mind you, the big websites don't, and as a percentage of traffic, those make up the majority, but as a percentage of sites
Re: (Score:2)
It's already pretty close to everything. TLS 1.3 has downgrade protection,
So did earlier versions of TLS. Remember downgrade only ever worked because browsers **INTENTIONALLY BYPASSED** protections already baked into TLS.
What I found most amusing about the situation is rather than browser vendors simply stop doing this they instead invented an entirely new mechanism that allowed the original abuse of the TLS protocol to persist.
so browsers issue a security warning if you hit a TLS 1.3-aware site through a downgrading firewall using current versions of...
In reality the firewall will terminate TLS using a dynamically generated public key from the Chinese trust anchors in your browser or operating system at
Re: (Score:2)
It's already pretty close to everything. TLS 1.3 has downgrade protection,
So did earlier versions of TLS. Remember downgrade only ever worked because browsers **INTENTIONALLY BYPASSED** protections already baked into TLS.
What I found most amusing about the situation is rather than browser vendors simply stop doing this they instead invented an entirely new mechanism that allowed the original abuse of the TLS protocol to persist.
Well yes and no. TLS prior to 1.3 provided a checksum at the end of the negotiation, but by that time, you've already sent the hostname, so the damage is done. With TLS 1.3, the protection occurs using nonce data embedded in the initial response from the server after the client declares what versions of TLS it supports, so the client can detect the downgrade before that downgrade tricks it into sending the server name in the clear. That's a subtle, but potentially important difference.
so browsers issue a security warning if you hit a TLS 1.3-aware site through a downgrading firewall using current versions of...
In reality the firewall will terminate TLS using a dynamically generated public key from the Chinese trust anchors in your browser or operating system at which point talk of "downgrade attacks" will have been rendered moot.
Well, yes, maybe.
And most websites use ESNI. Mind you, the big websites don't, and as a percentage of traffic, those make up the majority, but as a percentage of sites, I'm pretty sure that the sites that use ESNI make up the overwhelming majority. The latest number I could find was from a research paper written in 2003, but back then, it was 87%.
You are confusing ESNI with SNI.
ESNI is no longer even a thing. It was replaced with more generalized client hello encryption. Any existing use of the old ESNI scheme in the wild will be short lived.
Ye
Wireguard based VPN's for the win (Score:3)
Sounds like every Chinese net user needs to get a VPN account using wireguard, and tunnel all their traffic that way. Can't block every single UDP port, and all wireguard needs to work is one.
Re:Wireguard based VPN's for the win (Score:5, Insightful)
Re:Wireguard based VPN's for the win (Score:4, Insightful)
To be fair, their legal system is "You've pissed us off, now we hang you".
What is going to piss them off more? Using a VPN and they don't know what you're looking at, or visiting some innocent site (i.e. Western news site) that pisses them off?
Since there are SO many business reasons to be on a VPN, I would suspect if you're connected to a VPN and get questioned about it, there's a chance you will be able to say it was "for business" and they might accept that.
Or they might shoot you regardless. Never can tell with communists.
Re: (Score:1)
Re:They can tell (Score:5, Insightful)
So I connect to one of cloudflare's IPs, what site did I visit? Funny kittens, how to build a bomb, or Xi looks like Pooh Bear?
If I was the US... (Score:4, Funny)
... I'd use the NSA's immense power, to turn ALL IP adresses that reach the outside of the great firewall into stealth VPNs that allow access to the open Internet, so China would either have to give up or block ALL external traffic, forcing the situation to its logical conclusion. And then run a satellite Internet above them that works without visible dishes. (E.g. either dishes under roofs, or normal-looking antenna.)
Re: (Score:3)
Re: (Score:3)
Good! (Score:2)
Well Obviously (Score:2)
Yes! It's working as designed. This is great news.
Re: (Score:2)
Plaintext? (Score:1)
Why was the SNI ever plaintext in the first place? That seems like a major oversight. Did no one think that would be a privacy issue?
Re: (Score:2)
The original objective of HTTPS / SSL was for preventing silent man in the middle attack. The developers care more about if the online bank site is intercepted to show false information and/or user got impersonated and send fake instructions. It is such mindset that makes self-signed cert looks more "dangerous" to browser users than websites with totally zero encryption.
For encrypting the target web address to be useful, DNS over HTTPS or DNS over TLS is required. And even after that, the target web site
Re: (Score:2)
> Why was the SNI ever plaintext in the first place? That seems like a major oversight. Did no one think that would be a privacy issue?
One word: Microsoft
Re: (Score:2)
Why was the SNI ever plaintext in the first place? That seems like a major oversight. Did no one think that would be a privacy issue?
For the same reason websites ask you for a login and password rather than just a password. Authenticators need to know who they are communicating with in order to authenticate their identity.
There are of course alternatives:
1. Trial encryption where you cycle through all known identities and try keys until you get lucky. This is extremely expensive, unrealistic at scale and a magnet for shielding abuse.
2. Leap of faith (anonymous key agreement) to protect channel while identity is transmitted. This would
ESNI does not exist (Score:2)
ESNI has already been replaced with encrypted client hello (ECH) which grabs keys via DNS and is not being blocked by China firewalls.
Iran has started to do the same at the exact time (Score:1)