China blocks several protocols used to bypass the Great Firewall

The operators of China’s Great Firewall have rolled out an update this week that has blocked several protocols that have been recently utilized by Chinese citizens to bypass the country’s internet censorship system.

GFW Report, a project that tracks changes in China’s Great Firewall, said that protocols like trojan, Xray, V2Ray TLS+Websocket, VLESS, and gRPC have all stopped working on Monday.

All are TLS-based protocols used for tunneling internet traffic via port 443 or any other custom port.

“More than 100 users reported that at least one of their TLS-based censorship circumvention servers had been blocked,” GFW Report noted on Tuesday.

“The blocking is done by blocking the specific port that the circumvention services listen on. When the user change the blocked port to a non-blocked port and keep using the circumvention tools, the entire IP addresses may get blocked,” they added.

“While most of the users report their port 443 got blocked, a few users reported that their non-443 port on which circumvention services listen got blocked as well.”

Researchers believe the blocking is currently being done via the TLS fingerprints of those tools and protocols and that using something like uTLS could let developers change their fingerprints and avoid the block.

The good news is that some circumvention tools are still working; although the number is slowly dwindling.

The move to block these popular GFW circumvention tools comes two days after the Chinese government also blocked access to 1,147 Google domains. This includes both DNS and SNI-based blocks, in China’s greatest crackdown on Google services to date.

Read more

• 中国大规模地封锁基于TLS的翻墙服务器
• 中国的防火长城屏蔽了google.com及其所有的子域名