TLS 1.3 and ESNI blocked in blow to privacy-enhancing technology

Chinese censors have begun blocking TLS connections with the Encrypted Server Name Indication (ESNI) extension, in an attempt to reassert state-led censorship controls.

Security researchers reported that, starting from late July, the Great Firewall (GFW) of China has been blocking ESNI, one of the foundational privacy-enhancing features of TLS 1.3.

Academics have documented various client- and server-side workarounds to China’s heightened security controls, but any relief these hacks offer may only be temporary.

Needing DoH

Before DNS-over-HTTPS (DoH), domain name to IP address lookup requests were transmitted in the clear without any encryption.

This meant anyone with access to a user’s internet traffic – be that an ISP or China’s Great Firewall system – could inspect a DNS request and see what domain was being looked up.

The DNS inspection approach is among several techniques used by Chinese censors in order to block access to restricted domains.

This situation changed with the recent introduction of DoH and ESNI – technologies that made DNS lookups fully encrypted and therefore censor resistant.

John ‘Turbo’ Conwell, principal data scientist at DomainTools, explained: “This means that anyone monitoring DNS traffic wouldn’t be able to see what domains are being resolved.

“This posed a problem for China, prompting them to make a change… to their Great Firewall to block all TLS 1.3 and ESNI traffic, effectively stopping people in China from using DoH to hide their DNS lookups.”

Back in the shadows

Just weeks after the Chinese government introduced this upgrade to the GFW, a toolkit called Noctilucent was released at DEF CON 2020.

For a time, Noctilucent made it possible to get around these blocking tactics.

Noctilucent circumvents encrypted request blocking by adding both unencrypted and encrypted SNI components to ClientHellos when establishing a TLS connection.

This would expose some benign domain as plaintext in the SNI extension of the TLS handshake, but the actual domain being requested would be encrypted in the ESNI extension.

Any snoop or censor would think the request was innocuous and let it through, unaware of the hidden encrypted request.

“Unfortunately, this win for privacy was very short-lived," according to Conwell. “On August 10, 2020 Cloudflare made an update to their system to block all HTTPS requests that contain both SNI and ESNI extensions in DNS requests, effectively killing Noctilucent.”

Dousing the flames

In the wake of this latest development, some experts were pessimistic about the future of open access to the internet by those in China attempting to circumvent ever-tighter controls.

Richard Bejtlich, principal security strategist at Corelight, commented: “Those who developed TLS 1.3 and ESNI believed that they could enable privacy by encrypting almost every aspect of a connection.

“The Chinese Communist Party decided that level of encryption was beyond the capabilities of their Great Firewall to inspect, so they are now blocking *all* TLS 1.3 and ESNI connectivity.

“This is a setback for those in China trying to access the free Internet, and probably not what the designers of TLS 1.3 and ESNI expected,” he added.

Read more of the latest data privacy news

Bejtlich told The Daily Swig that the long-term prospects of those relying on either virtual private networks (VPNs) or Tor to bypass Chinese censorship was far from assured.

“I expect China will eventually be able to block Tor and VPNs completely,” he said. “Residents will have to use satellite phones, amateur radio, and other means that do not ride over GFW-inspected lines to communicate with the outside world.”

Bejtlich concluded: “Western biz and expats will lose the ability to work via VPN and have to either accept inspection or go home.”

RECOMMENDED Top hacks from Black Hat and DEF CON 2020