GFW, an organisation that monitors and reports on China’s censorship efforts, said the Chinese appeared to have cracked down on TLS encryption-based tools used to evade the Firewall.
More than 100 users reported that at least one of their TLS-based censorship circumvention servers had been blocked. The TLS-based circumvention protocols that are reportedly blocked include trojan, Xray, V2Ray TLS+Websocket, VLESS, and gRPC.
Trojan is one tool that catapults over the Great Firewall using TLS encryption. Xray, V2Ray and VLESS are VPN-like internet tunneling and privacy tools.
Blocking appears to be done by hitting the port that the circumvention services use to listen. When the user changes the blocked port to a non-blocked port and keeps using the circumvention tools, the entire IP address is shut down.
“Blocking seems to be automatic and dynamic and related to the TLS fingerprints of those circumvention tools,” the organisation asserts.
An alternative circumvention tool, naiveproxy, appears not to be impacted by these changes.
SNI, for what it's worth, is used by browsers connecting to a web server using TLS (HTTPS) to specify the domain of the website the user wishes to visit. A server can handle multiple sites from one IP address, and SNI is used to select the site the person wants. SNI is typically sent non-encrypted, prior to the establishment of encryption between the browser and server, so it's ripe for government snoops to detect and use to censor unwanted connections.
It’s not hard to guess why China might have chosen this moment to upgrade the Great Firewall: the 20th National Congress of the Chinese Communist Party kicks off next week. The event is a five-yearly set piece at which Xi Jinping is set to be granted an unprecedented third five-year term as president of China.