Niklas Niere / JonSnowWhite

China Extended its SNI Censorship to QUIC

2025-04-04T00:00:00+00:00

QUIC, the successor to TLS over TCP, has become popular in recent years. Despite its increase in popularity, QUIC has remained largely uncensored: Only Russian TSPU devices analyzed QUIC connections and could extract the server’s hostname from the SNI extension. Other censors—such as China’s GFW—have not been found capable of sophisticated QUIC analysis; in January 2025, we noticed sophisticated QUIC censorship in China.

Similar to Russian TSPU devices, the GFW now extracts the SNI extension from QUIC connections and blocks unwanted connections. As of now, the GFW’s QUIC censorship operates on a limited list of hostnames, is residual-only, and triggers inconsistently. Based on these characteristics, we suspect that the deployment of QUIC censorship in the GFW is an ongoing process: This process might culminate in broad QUIC censorship by the GFW. This blog post details our findings.

Censors Ignore Unencrypted HTTP/2 Traffic

2024-11-19T00:00:00+00:00

Censors worldwide have long censored unencrypted HTTP traffic. In this blog post, we show that a specific HTTP version—unencrypted HTTP/2—is unaffected by censorship in China and Iran. We access otherwise censored websites in both countries over unencrypted HTTP/2. Despite no web browser implementing unencrypted HTTP/2, we detect that up to 6.28% of websites support unencrypted HTTP/2 traffic. To aid the community and ease future research, we provide a tool that evaluates the unencrypted HTTP support of a website. Finally, we discuss the limitations and potential of unencrypted HTTP/2 for censorship circumvention. We consider our finding an interesting addition to current censorship circumvention techniques.

Russia Censors the Encrypted Client Hello(ECH)

2024-11-11T00:00:00+00:00

Last week, Russia started blocking the Encrypted Client Hello (ECH). This prevents Russian internet users from utilizing ECH for censorship circumvention. It also blocks otherwise uncensored websites such as SteamDB. Below, I summarize ECH, detail Russia’s ECH censorship, and discuss possible remedies for affected users and ECH in general.

When, Who, and What

On November 7th, Russian authorities announced the beginning censorship of ECH¹. This development is a reaction to Cloudflare’s ECH activation roughly two months prior². Russia now blocks all ECH connections from Russian Internet users to Cloudflare with dedicated censorship devices (TSPU)³. This led to Russian Internet users being unable to connect to some Cloudflare websites.

What is ECH?

The Encrypted Client Hello (ECH) is an extension to TLS, the protocol that encrypts most Internet connections. Due to their prevalence, TLS connections are widely analyzed by Internet censors such as the one in Russia. Key to censors’ analysis of TLS connections is the Server Name Indication (SNI) extension containing the hostname of the accessed website in plaintext. The ECH extension encrypts the SNI alongside other information that could compromise the server. This prevents censors from determining the servers’ identity, making ECH a viable censorship circumvention technique. Further hardening ECH against censorship, a bogus ECH extension can be included in TLS connections to servers without ECH support. This way, censors can not block all ECH connections as they are indistinguishable from non-ECH connections.

How Russia Censors ECH

Despite its best efforts, ECH is still censorable. While ECH encrypts the original SNI extension, it introduces another, again unencrypted, SNI extension. The so-called public hostname in the unencrypted SNI is defined by the server and usually shared by multiple domains. For instance, Cloudflare specifies cloudflare-ech.com as the public hostname for all ECH connections. This makes ECH traffic to Cloudflare detectable and, thus, censorable. Taking advantage of the situation, Russia now blocks all TLS connections to Cloudflare with an ECH extension and an SNI extension containing cloudflare-ech.com.

Consequences for Russian Internet Users

Russia’s blocking of ECH has two main consequences for Russian Internet users. First, censored websites made accessible by ECH are now inaccessible again. To access them, users have to resort to other circumvention methods. Second, uncensored websites behind Cloudflare’s ECH mechanism such as SteamDB⁴ are also inaccessible. To access them, users can disable ECH in Firefox and Chrome to make them accessible again.

Tackling the General Problem

To prevent censors from blocking all ECH connections, ECH connections must be truly indistinguishable from non-ECH connections. This cannot be achieved as long as a static and easily detectable public hostname such as cloudflare-ech.com is transmitted in plaintext alongside any ECH connection. Randomizing this hostname or replacing it with an uncensored hostname would solve the problem from a censorship point of view. While the standard allows such behavior it advises against it⁵ and Cloudflare rejects all ECH connections with hostnames other than cloudflare-ech.com. To make ECH more resilient against censorship, I advertise a discussion about the problems of ECH’s public hostname.

Circumventing the GFW with TLS Record Fragmentation

2023-06-27T00:00:00+00:00

TCP fragmentation has long been known as a viable deep packet inspection (DPI) circumvention technique. However, censors are increasingly aware of this technique. We propose TLS record fragmentation as a new censorship circumvention technique on the TLS layer that functions analogously to TCP fragmentation. Using TLS record fragmentation, we successfully circumvented the DPI of the Great Firewall of China (GFW). We also found that over 90% of TLS servers support this new circumvention technique. To contextualize TLS record fragmentation for future work, we discuss its possibilities and limitations.