The operators of China’s Great Firewall have rolled out an update this week that has blocked several protocols that have been recently utilized by Chinese citizens to bypass the country’s internet censorship system.
GFW Report, a project that tracks changes in China’s Great Firewall, said that protocols like trojan, Xray, V2Ray TLS+Websocket, VLESS, and gRPC have all stopped working on Monday.
All are TLS-based protocols used for tunneling internet traffic via port 443 or any other custom port.
“More than 100 users reported that at least one of their TLS-based censorship circumvention servers had been blocked,” GFW Report noted on Tuesday.
“The blocking is done by blocking the specific port that the circumvention services listen on. When the user change the blocked port to a non-blocked port and keep using the circumvention tools, the entire IP addresses may get blocked,” they added.
“While most of the users report their port 443 got blocked, a few users reported that their non-443 port on which circumvention services listen got blocked as well.”
Researchers believe the blocking is currently being done via the TLS fingerprints of those tools and protocols and that using something like uTLS could let developers change their fingerprints and avoid the block.
The good news is that some circumvention tools are still working; although the number is slowly dwindling.
It looks like #China is now blocking multiple TLS-based circumvention tools. naiveproxy, which uses the Chrome stack, seems ok.
This doesn't affect Outline, which uses Shadowsocks and is not TLS-based. https://t.co/zDjimY6uMO
— Vinicius Fortuna (he/him) (@vinifortuna) October 4, 2022
The move to block these popular GFW circumvention tools comes two days after the Chinese government also blocked access to 1,147 Google domains. This includes both DNS and SNI-based blocks, in China’s greatest crackdown on Google services to date.