Russian TSPU devices directly block ECH by dropping ClientHello messages that contain both an ECH extension and the outer SNI hostname "cloudflare-ech.com" — the static outer SNI Cloudflare advertises in all its ECH configurations. Blocking affects both TLS and QUIC. ECH connections to servers with Cloudflare ECH support but outside Cloudflare's official IP ranges are NOT blocked. TCP segmentation alone or TLS record fragmentation alone did NOT bypass TSPU ECH blocking, but combining both techniques did circumvent it. TSPU has also added TCP reassembly capabilities that defeat previously effective fragmentation-only bypasses.

Neither China nor Iran directly block ECH ClientHello messages; instead both effectively prevent ECH by censoring encrypted DNS resolvers. China blocks Cloudflare's DoH/DoT resolver (mozilla.cloudflare-dns.com) via SNI-based blocking in TLS and QUIC, causing residual censorship of up to 360 and 180 seconds respectively. Iran blocks both Cloudflare and NextDNS DoH hostnames via DNS block-page injection, TLS TCP RST, and HTTP block pages. Iran cannot analyze QUIC, so DoQ is uncensored and enables ECH in Iran. China's NextDNS IP blackholing affected only one of two resolved IPs, leaving an uncensored path.

§5, Table 1, Figure 5 detection

Of 640,694 TLS 1.3 servers in the Tranco Top 1M (Feb 2025), 51.28% parse ECH extensions but only 43% actually handshake ECH — and virtually all of those are Cloudflare servers (278,040). Only 6 non-Cloudflare servers successfully handshaked ECH. Cloudflare's own servers have a 44% non-advertisement rate: servers that can handshake ECH but do not publish their ECH configuration in DNS, typically because the operator manages their own DNS outside Cloudflare. The total number of advertised ECH configurations dropped from ~180,000 in November 2024 to ~150,000 by April 2025.

§4.1, §4.2, Figure 3, Figure 4 evaluation

Chrome and Firefox send GREASE ECH extensions in every ClientHello message, meaning a censor that blocks all ECH-containing ClientHellos would block all Chrome and Firefox TLS traffic. Cloudflare's static outer SNI "cloudflare-ech.com" in all its ECH configurations makes real ECH connections trivially distinguishable from GREASE ECH — censors can block real ECH connections to Cloudflare without triggering GREASE collateral damage. Cloudflare rejects ECH handshakes with omitted or invalidated outer SNI values; non-Cloudflare ECH deployments accept missing and invalid outer SNIs.

§2.1, §4.1, §6 detection

The GFI's HTTP and HTTPS filters are now stateful (requiring initial SYN packet with matching sequence numbers) and have been activated on all TCP ports—not only standard ports 80 and 443 as reported by prior studies. This is a significant departure from previous work that found stateless HTTP/HTTPS blocking limited to standard ports. The HTTP filter injects a 403 Forbidden blockpage (not RST packets as used by the GFW), while HTTPS injects a single RST+ACK packet. The GFI also exhibits TCP non-compliance (not requiring a full three-way handshake to trigger filtering), enabling outside-in measurement without in-country servers.

2025-tai-irblock §2.1, §3.2 dpirst-injectionpacket-injectionmiddlebox-interference

China's Great Firewall showed anomalous inconsistency: 13 test vectors produced mixed outcomes—TCP RST injection on some executions and a clean server response on others—with circumvention rates between 10% and 35% across 100 executions per vector. The authors attribute this to heterogeneous GFW infrastructure components applying different HTTP parsing logic, a departure from the GFW's usual consistency.

2024-m-ller-turning §5.2 dpirst-injectionkeyword-filteringmiddlebox-interference

Server-side censorship evasion strategies require zero client-side changes: clients bypass censorship without installing software or even being aware of the evasion, and this approach has been adopted in production tools including Psiphon's packetman. The packet manipulations exploit weaknesses in how censors track or tear down TCP connections, occurring entirely at the server during the three-way handshake.

2023-tran-crowdsourcing §1 Introduction dpirst-injectionmiddlebox-interference

The paper identifies three distinct GFW resynchronization-state triggers with protocol-specific behavior: (1) a server payload on any non-SYN+ACK packet causes resync on the next SYN+ACK or client ACK-flagged packet for all protocols; (2) a server RST causes resync on the next client packet for all protocols except HTTPS; (3) a SYN+ACK with a corrupted acknowledgment number triggers resync only for FTP. Strategy 1's 50% per-attempt success rate for HTTP is confirmed to result from the 50% probability of the GFW entering the resynchronization state on an injected RST, consistent with Wang et al. [36].

2020-bock-come §5.1 dpirst-injectionmiddlebox-interference

The paper presents 11 purely server-side censorship evasion strategies requiring zero client-side software, successfully bypassing censorship in China, India, Iran, and Kazakhstan across DNS-over-TCP, FTP, HTTP, HTTPS, and SMTP. All strategies manipulate only TCP handshake packets (primarily the SYN+ACK) and were verified against 17 versions of 6 client operating systems (Windows XP–Server 2018, MacOS, iOS, Android, Ubuntu, CentOS) with unmodified clients.

2020-bock-come §1, §5, Table 2 dpirst-injectionmiddlebox-interference

Evasion strategies are strongly censor-specific: TCB Teardown strategies that achieve 80–96% against the GFW fail completely (0%) against Kazakhstan's HTTPS MITM; India's Airtel is defeated uniquely by a 'Stutter Request' (duplicating the PSH/ACK and replacing IP length to 64) at 100% success, which scores only 3% against the GFW. Geneva converged on distinct species for each censor within 4–8 hours of live training.

2019-bock-geneva Table 1, §5.1–5.4 dpirst-injectionmiddlebox-interference