On Fri, Aug 07, 2020 at 05:56:30PM -0600, David Fifield wrote:
> Most of the functions of the Great Firewall work bidirectionally, and
> the ESNI detection and blocking are no exception. Sending an
> ESNI-containing ClientHello from *outside* of China to a server
> *inside* results in temporary blocking, just the same as sending one
> from the inside to the outside. This makes it easy to experiment with,
> even if you don't control a host in China.

Triggering blocking from the outside no longer works. ESNI connections
that originate inside the firewall are still blocked. This was first
observed by GFW Report, who were able to isolate the change from
bidirectional to unidirectional to a five-minute window: between
06:27 and 06:32 UTC on 2020-08-13. I tried it myself, and I confirm that
I am not now able to trigger ESNI blocking from outside the firewall.
https://github.com/net4people/bbs/issues/43#issuecomment-673322409

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
