2022-blocking-tls-circumvention
Large scale blocking of TLS-based censorship circumvention tools in China
Abstract
This write-up covers the October 2022 wave of GFW blocking that targeted
TLS-based circumvention tools (Trojan, V2Ray TLS, naiveproxy, etc.). The
blocking applies passively to flows whose first packet looks fully
encrypted, and it appears to be the operational rollout that the 2023
USENIX Security paper later formalized.
Team notes
This is the operational write-up that preceded the 2023 USENIX paper
formalizing the same detector. It is an important historical reference:
the detector was in production from late 2022 and was only named and
formalized later. When we see "TLS-based circumvention working in CN
again," check the entropy/popcount profile of the first packet; that is
the active classifier rule the 2022 wave introduced.
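An added example, not taken from the write-up or the USENIX paper: a small Python helper that computes the entropy/popcount profile of a first-packet payload, so a capture can be checked the way the note above suggests. The field names, the two printable-ASCII statistics, and the sample payloads are assumptions constructed for illustration; no classifier thresholds are encoded because this page does not state them.

```python
import hashlib
import math
from collections import Counter


def first_packet_profile(payload: bytes) -> dict:
    """Entropy/popcount statistics for one first-packet payload."""
    if not payload:
        raise ValueError("empty payload")
    n = len(payload)
    counts = Counter(payload)
    # Shannon entropy over byte values, in bits per byte (0.0 to 8.0).
    entropy = sum(-(c / n) * math.log2(c / n) for c in counts.values())
    # Mean number of set bits per byte (0.0 to 8.0; about 4.0 for random data).
    popcount = sum(bin(b).count("1") for b in payload) / n
    # Share of bytes in the printable ASCII range 0x20..0x7E.
    printable = sum(0x20 <= b <= 0x7E for b in payload) / n
    # Length of the run of printable ASCII at the very start of the payload.
    lead = next((i for i, b in enumerate(payload) if not 0x20 <= b <= 0x7E), n)
    return {
        "length": n,
        "entropy": entropy,
        "popcount": popcount,
        "printable": printable,
        "lead_printable": lead,
    }


def constructed_samples() -> dict:
    """Constructed payloads (not real captures) to compare profiles."""
    # Deterministic stand-in for a fully encrypted first packet.
    stream = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))
    return {
        "pseudo-random (512 B)": stream,
        "plaintext HTTP request": b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n",
        "zero padding (64 B)": bytes(64),
    }


if __name__ == "__main__":
    for name, data in constructed_samples().items():
        p = first_packet_profile(data)
        print(f"{name:24} H={p['entropy']:.2f} pop={p['popcount']:.2f} "
              f"ascii={p['printable']:.2f} lead={p['lead_printable']}")
```

To profile a real flow, pass the TCP payload bytes of its first data packet to `first_packet_profile`.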