Comment by dylz
6 years ago
GFW has been all layer for a long time, including actively re-probing and connecting back to a server from random (really, virtually any CN IP space).
HTTPS is somewhat secure, but subject to MITM. Most Chinese forks of browsers ignore certificate errors and allow everything through.
Would I be safe from this type of MITM attack if my browser respects SSL warnings? (and I don't bypass them)
Generally yes.
But remember with SNI they know exactly what website you're visiting.