Re: [TLS] Possible blocking of Encrypted SNI extension in China

Nick Sullivan <> Tue, 11 August 2020 22:40 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id AF0383A0D66 for <>; Tue, 11 Aug 2020 15:40:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 6cvL8gLhOKrQ for <>; Tue, 11 Aug 2020 15:40:40 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::e2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 0CA103A0B34 for <>; Tue, 11 Aug 2020 15:40:40 -0700 (PDT)
Received: by with SMTP id j188so139398vsd.2 for <>; Tue, 11 Aug 2020 15:40:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=OzKHP0R5c1hB/dtX1Wv4RLoFxmd5rEQDWPysWV7UXt8=; b=tKTChxgemp6rzNFJe/7Cu/em6fuDHrK5VULLPlv4fI2f0EZtpWW8C2RQqUXfMcst/R ts2YJevPqvFEHhb7OwUq6pPlZxsuLW5wh+ViBCQ0hntpWX5eXEvyfoKBBEqLq0n7G7iQ 1iOpGwSc5KHhFPEoCDt2AjNzKEp/C1o/XvorU=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=OzKHP0R5c1hB/dtX1Wv4RLoFxmd5rEQDWPysWV7UXt8=; b=LrKE46Ym6MENL4YPJj+N+JsqVHWWNeBvajJSxoBxLYNXy/5FJ2qXLQAX2V32h2UKyg GUebekM47ZZdHbaFQRHVJMMmeDyriqMrXnOB+20LnfIksbzZgZfIltHTybdMuLHEBYd+ zhdQFDHT6+pBmQBQ8UkR3eOhV3FdhtNfiCSf+BRWJNgKrDNJulKfeWJwNawA7pgUNl+a ArrAWH1gKHI87RVhThVV9OG3wifKIUYpAqm4Ckp/eCqvC3dYUcDzkOhsOqB6hUSppKpb 9YLuUwYkg50CuAALunqKEmsA6kAoy7CdbgBGeLuJU3D0+HWrWLas+oEgtrhbrpRILfmI /2oQ==
X-Gm-Message-State: AOAM5312DxqsYT6f5B3tconVQBQBvkbLEp7x2QCxXy2M5Oi2G1+v6HI6 20Ia7TV+5LOulB3SUuMJ1fzCQ7bJjThKcBZSjrayPtDcx2ECNA==
X-Google-Smtp-Source: ABdhPJxxoeUUfgsDmmVWfsWyo/cRoiJQl/ip2ON4vwKt7guSKr5vAGlcMFzap5z3xCJmE+IO+kptLlQ9PE8LcxPNBo0=
X-Received: by 2002:a67:1881:: with SMTP id 123mr25193120vsy.172.1597185638772; Tue, 11 Aug 2020 15:40:38 -0700 (PDT)
MIME-Version: 1.0
References: <> <>
In-Reply-To: <>
From: Nick Sullivan <>
Date: Tue, 11 Aug 2020 15:40:21 -0700
Message-ID: <>
To: Christian Huitema <>
Cc: onoketa <>, "" <>
Content-Type: multipart/alternative; boundary="000000000000a418fb05aca1c2c3"
Archived-At: <>
Subject: Re: [TLS] Possible blocking of Encrypted SNI extension in China
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 11 Aug 2020 22:40:42 -0000

It's important to note that the Firefox Nightly client does not implement
GREASE of any form, so only the connections to sites that are known to
support the ESNI could be blocked by this method. These connections
stick out like a sore thumb among connections from this browser since ESNI
is supported by a minority of sites.

If ECH is deployed in a client with GREASE enabled, then every client hello
from the supporting client will contain the ECH extension whether the site
supports ECH or not. The traffic from the supporting user agent would stick
out, but simple filters that check for the presence of specific extensions,
would not be able to differentiate between connections to sites with ECH
enabled and to those without ECH.

On Thu, Jul 30, 2020 at 11:18 AM Christian Huitema <>

> On 7/30/2020 8:45 AM, onoketa wrote:
> > Hi,
> >
> > The Great Firewall of China may have identified and blocked
> > Cloudflare's ESNI implementation.
> >
> > I have found that when using a TLS client hello with ESNI extension to
> > connect to servers behind Cloudflare's CDN, the connection will be cut
> > off after the whole TLS handshake is done. And then that IP address
> > will be blocked at the TCP level for several minutes.
> Thanks for the report. I think this relates to our ambivalence about the
> requirement for ESNI to not "stick out". That requirement is hard to
> meet, and designs have drifted towards an acceptation that it is OK to
> stick out as long as a sufficiently large share of the traffic does it.
> If that share is large, goes the reasoning, it would be too costly for
> censors to just "drop everything that looks like ESNI". Well, given
> actors like the Great Firewall, one wonders.
> -- Christian Huitema
> _______________________________________________
> TLS mailing list