Weird. Thanks for the update. How are you confirming that it's blocked from inside-out?
> On Aug 13, 2020, at 10:30 AM, David Fifield <da...@bamsoftware.com> wrote: > > On Fri, Aug 07, 2020 at 05:56:30PM -0600, David Fifield wrote: >> Most of the functions of the Great Firewall work bidirectionally, and >> the ESNI detection and blocking are no exception. Sending an >> ESNI-containing ClientHello from *outside* of China to a server >> *inside* results in temporary blocking, just the same as sending one >> from the inside to the outside. This makes it easy to experiment with, >> even if you don't control a host in China. > > Triggering blocking from the outside no longer works. ESNI connections > that originate inside the firewall are still blocked. This was first > observed by GFW report, who were able to isolate the change from > bidirectionality to unidirectional to a five-minute window: between > 06:27 and 06:32 UTC on 2020-08-13. I tried it myself, and I confirm that > I am not now able to trigger ESNI blocking from outside the firewall. > https://github.com/net4people/bbs/issues/43#issuecomment-673322409 > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
