←back to thread

Censors Ignore Unencrypted HTTP/2 Traffic (2024)

(upb-syssec.github.io)
62 points ArinaS | 1 comments | 14 Apr 25 18:23 UTC | HN request time: 0s | source
Show context
joshstrange ◴[15 Apr 25 12:30 UTC] No.43691787[source]
Ok, I’ll ask the stupid question:

Why not use _Encrypted_ HTTP/2 traffic? The article goes on and on about HTTP 1.1 and unencrypted HTTP 2.0 but never once mentioned encrypted HTTP 2.0 which I would assume shares the exact same binary/“hard to block” characteristics of unencrypted HTTP 2.0.

I can only assume that everyone knows why that’s already blocked in China, but I don’t

replies(1): >>43692824 #
1. zinekeller ◴[15 Apr 25 14:02 UTC] No.43692824[source]
Because China already uses TLS SNI sniffing anyways, and since that TLS is the outermost layer, it does not matter which HTTP version* is inside, it's already blocked anyways.

* For those who knows HTTP/3, the answer is port blocking.