Niklas Niere

Niklas Niere

he/him

Ph.D. student at Paderborn University. TLS/Censorship/Cryptography 🐢

China Extended its SNI Censorship to QUIC

less than 1 minute read

Published:

QUIC, the successor to TLS over TCP, has become popular in recent years. Despite its increase in popularity, QUIC has remained largely uncensored: Only Russian TSPU devices analyzed QUIC connections and could extract the server’s hostname from the SNI extension. Other censors—such as China’s GFW—have not been found capable of sophisticated QUIC analysis; in January 2025, we noticed sophisticated QUIC censorship in China.

Similar to Russian TSPU devices, the GFW now extracts the SNI extension from QUIC connections and blocks unwanted connections. As of now, the GFW’s QUIC censorship operates on a limited list of hostnames, is residual-only, and triggers inconsistently. Based on these characteristics, we suspect that the deployment of QUIC censorship in the GFW is an ongoing process: This process might culminate in broad QUIC censorship by the GFW. This blog post details our findings.

Direct Link

You May Also Enjoy

Censors Ignore Unencrypted HTTP/2 Traffic

less than 1 minute read

Published:

Censors worldwide have long censored unencrypted HTTP traffic. In this blog post, we show that a specific HTTP version—unencrypted HTTP/2—is unaffected by censorship in China and Iran. We access otherwise censored websites in both countries over unencrypted HTTP/2. Despite no web browser implementing unencrypted HTTP/2, we detect that up to 6.28% of websites support unencrypted HTTP/2 traffic. To aid the community and ease future research, we provide a tool that evaluates the unencrypted HTTP support of a website. Finally, we discuss the limitations and potential of unencrypted HTTP/2 for censorship circumvention. We consider our finding an interesting addition to current censorship circumvention techniques.

Russia Censors the Encrypted Client Hello(ECH)

3 minute read

Published:

Last week, Russia started blocking the Encrypted Client Hello (ECH). This prevents Russian internet users from utilizing ECH for censorship circumvention. It also blocks otherwise uncensored websites such as SteamDB. Below, I summarize ECH, detail Russia’s ECH censorship, and discuss possible remedies for affected users and ECH in general.

Circumventing the GFW with TLS Record Fragmentation

less than 1 minute read

Published:

TCP fragmentation has long been known as a viable deep packet inspection (DPI) circumvention technique. However, censors are increasingly aware of this technique. We propose TLS record fragmentation as a new censorship circumvention technique on the TLS layer that functions analogously to TCP fragmentation. Using TLS record fragmentation, we successfully circumvented the DPI of the Great Firewall of China (GFW). We also found that over 90% of TLS servers support this new circumvention technique. To contextualize TLS record fragmentation for future work, we discuss its possibilities and limitations.