China all HTTPS connections that use the TLS 1.3 protocol and the ESNI (Encrypted Server Name Indication) TLS extension, which encrypts data about the requested host. Blocking is implemented on transit routers for both connections from China to the outside world and from the outside world to China.
Blocking is performed by dropping packets from the client to the server, rather than packet substitution with the RST flag, which was previously performed with selective blocking by SNI content. After blocking a packet with ESNI, for 120 to 180 seconds, all network packets that match the combination of source IP, destination IP and destination port number are also blocked. HTTPS connections based on older versions of TLS and TLS 1.3 without ESNI are skipped as usual.
Recall that to organize the operation of several HTTPS sites on the same IP address, the SNI extension was developed, which transmits the host name in clear text in the ClientHello message transmitted before the encrypted communication channel is established. This feature makes it possible on the ISP side to selectively filter HTTPS traffic and analyze which sites the user opens, which does not allow achieving complete confidentiality when using HTTPS.
The new TLS extension ECH (formerly ESNI), which can be used in conjunction with TLS 1.3, eliminates this shortcoming and completely eliminates the leakage of information about the requested site when parsing HTTPS connections. In combination with access through the content delivery network, the use of ECH / ESNI also makes it possible to hide from the provider the IP address of the requested resource. Traffic inspection systems will only see calls to the CDN and will not be able to apply blocking without TLS session spoofing, in which case the user's browser will display a corresponding certificate substitution notification. DNS remains a possible leak channel, but DNS-over-HTTPS or DNS-over-TLS can be used by the client to hide DNS access.
Researchers are already a few workarounds to bypass Chinese blocking on the client and server side, but they may become obsolete and should be considered only as a temporary measure. For example, currently only packages with the ESNI extension identifier 0xffce (encrypted_server_name), which was used in , but for now, packets with the actual ID 0xff02 (encrypted_client_hello) proposed in .
Another workaround is to use a non-standard connection negotiation process, for example, blocking does not work when pre-sending an additional SYN packet with an incorrect sequence number, manipulating packet fragmentation flags, sending a packet with both FIN and SYN flags set, substituting an RST packet with an incorrect control amount or send before the start of packet connection negotiation with the SYN and ACK flags. The described methods are already implemented in the form of a plugin to the toolkit , to bypass censoring methods.
Source: opennet.ru