No ESNI in China
Today I learned that China is blocking TLS 1.3 connections that use the new ESNI standard. ESNI stands for “Encrypted Server Name Indication” and is part of experimental TLS 1.3 features. Other TLS version such as 1.2 use SNI to identify what certificate a client requests. What this means is, even while the entire communication between the server and the client is encrypted, during the initial handshake, the client sends the expected server certificate name in cleartext. This allows Firewalls and other middle boxes to snoop on those names and detect suspicious domains. This is often used to block those connections. ESNI encrypts those names during the initial connections as well and this way prevents this snooping. This means, for the first time, the TLS connection itself doesn’t provide any useful Meta-information about the target of the connection. China doesn’t seem to like that as it would allow any host to easily proxy all kinds of connections with no way for the “Great Firewall” to apply their block lists except of IP addresses.
I came across this while reading this ZDNet article from today that talks about the topic. I highly recommend to work towards those standards as more adoption prevents such behaviour by governments. Obviously it has also implications on IT-Security mechanisms within companies but those can be solved in other ways than sniffing on TLS client hellos.