Comment by 1MachineElf
6 years ago
Up until now, I thought "The Great Firewall" was limited to layer 2, layer 3, and just layer-7 DNS controls.
The capability described in this article sounds more like a full layer-7 MITM.
That's terrifying. Is any HTTPS secure within mainland China's networks?
Or am I misunderstanding, and it's just the government websites that are blocking incoming TLS 1.3 connections?
GFW has been all layer for a long time, including actively re-probing and connecting back to a server from random (really, virtually any CN IP space).
HTTPS is somewhat secure, but subject to MITM. Most Chinese forks of browsers ignore certificate errors and allow everything through.
Would I be safe from this type of MITM attack if my browser respects SSL warnings? (and I don't bypass them)
Generally yes.
But remember with SNI they know exactly what website you're visiting.
Some further explanation here: https://geneva.cs.umd.edu/posts/china-censors-esni/esni/
Looks like it's L4?
That link was fascinating to me. For as long as I remember, there have been tools to evade network intrusion detection systems and stateful firewalls, but I never thought about how the same techniques can be used to evade censorship.
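The point raised above about SNI is easy to see on the wire: in TLS 1.2 and plain TLS 1.3 the server_name extension of the ClientHello is unencrypted, so any on-path observer can read the hostname even though the rest of the session stays confidential. The following is an added example (not code from this thread or the linked post) that builds a minimal, constructed ClientHello record and then walks its extension list the way a passive monitor would; the `build_client_hello` and `extract_sni` names are my own. ESNI/ECH, which the linked article discusses, exists precisely to move this field inside the encrypted part of the handshake.

```python
import struct


def build_client_hello(hostname: str) -> bytes:
    """Return a TLS record carrying a minimal ClientHello with an SNI extension.

    This is a constructed sample for illustration, not a capture from a real client.
    """
    host = hostname.encode("ascii")
    # server_name extension: ServerNameList length, then one host_name (type 0) entry
    sni_entry = b"\x00" + struct.pack("!H", len(host)) + host
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    extensions = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list
    # A second extension (supported_versions advertising TLS 1.3) so the parser
    # has to walk the extension list rather than assume SNI is first or alone
    extensions += struct.pack("!HH", 0x002B, 3) + b"\x02\x03\x04"
    body = (
        b"\x03\x03"            # legacy_version TLS 1.2 (TLS 1.3 keeps this value)
        + b"\x00" * 32         # random (zeroed in this constructed sample)
        + b"\x00"              # session_id length 0
        + b"\x00\x02\x13\x01"  # cipher_suites: one suite, TLS_AES_128_GCM_SHA256
        + b"\x01\x00"          # compression_methods: null only
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # TLS record header


def extract_sni(record: bytes):
    """Return the host_name from a ClientHello's SNI extension, or None if absent.

    Mirrors what a passive observer can learn without any key material.
    """
    if len(record) < 5 or record[0] != 0x16:
        return None                                  # not a handshake record
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        return None                                  # not a ClientHello
    p = 4                                            # skip 4-byte handshake header
    p += 2 + 32                                      # legacy_version + random
    p += 1 + hs[p]                                   # session_id
    cs_len = struct.unpack("!H", hs[p:p + 2])[0]
    p += 2 + cs_len                                  # cipher_suites
    p += 1 + hs[p]                                   # compression_methods
    if p + 2 > len(hs):
        return None                                  # no extensions block at all
    ext_len = struct.unpack("!H", hs[p:p + 2])[0]
    p += 2
    end = p + ext_len
    while p + 4 <= end:
        etype, elen = struct.unpack("!HH", hs[p:p + 4])
        p += 4
        edata = hs[p:p + elen]
        p += elen
        if etype == 0x0000:                          # server_name
            q = 2                                    # skip ServerNameList length
            while q + 3 <= len(edata):
                ntype = edata[q]
                nlen = struct.unpack("!H", edata[q + 1:q + 3])[0]
                q += 3
                name = edata[q:q + nlen]
                q += nlen
                if ntype == 0:                       # host_name
                    return name.decode("ascii", errors="replace")
    return None


if __name__ == "__main__":
    rec = build_client_hello("example.com")
    print("SNI visible on the wire:", extract_sni(rec))   # example.com
    print("Application data record:", extract_sni(b"\x17\x03\x03\x00\x01\x00"))  # None
```

Running it shows the hostname recovered from the plaintext handshake while an application-data record (content type 0x17) yields nothing; the certificate check a browser performs protects the content of the session, not the name of the site being contacted.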