Research shows that the Chinese government has updated its Great Firewall to block ESNI (Encrypted Server Name Indication), a feature of the new TLS 1.3, which underlies HTTPS communication. Given the manner in which ESNI works, this means that China is basically blocking all web traffic that uses TLS 1.3. Three organisations that track Chinese censorship (iYouPort, University of Maryland, and the Great Firewall Report) published a joint report that said such blocking occurred for the first time on July 29. ZDNet first reported on this report.
How does this work? TLS (Transport Layer Security) is the underlying encryption technology that makes HTTPS communication secure. It ensures that users know whom they are communicating with and that their information cannot be intercepted. TLS hides the content of the user’s communication, but not the recipient of the communication. When information is sent via TLS, it can include a Server Name Indication (SNI) field that “allows the user’s client to inform the server which website it wishes to communicate with”. Through this SNI field, governments can block users from communicating with certain websites. TLS 1.3 introduced ESNI, which encrypts the SNI so that intermediaries cannot view it, thereby making it harder for governments to censor. The only option left to a censor is to block all TLS connections to specific servers rather than to specific websites. This is what China is doing now.
What about older HTTPS protocols? For older TLS protocols, since SNI remains unencrypted, China will continue to censor traffic to specific websites.
Why is this important? As more and more countries, including India, expand their surveillance mechanisms, secure means of communication become the bedrock for citizens to exercise their freedom of speech. As governments find ways to circumvent such secure means through broad-based exemptions and blocking orders, free speech will be curtailed in unimaginable ways. As the clamour for data sovereignty increases around the world, and nation-states attempt to splinter the internet according to sovereign standards, the Chinese model, thus far the exception, may just become the template. And that is concerning.