-
Notifications
You must be signed in to change notification settings - Fork 82
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Blocking of Cloudflare ECH in Russia, 2024-11-05 #417
Comments
Other reporting and discussion.
|
Since they are "suggesting" people to move to local alternatives to cloudflare. How likely it is that they gonna block all of the ip addresses of cloudflare? |
Thanks for summarizing this information. The upcoming ECH test in OONI, although it only supports the GREASEd ECH extension, based on what has been reported so far should be enough to test for this behaviour. Based on the input in this thread we are adding support for testing a different as per: https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-22#section-6.1-6
the value inside of the Here is the diff of the changes to the test: ooni/probe-cli#1658 and specification: ooni/spec#297 If there are any thoughts on what we might want to do additionally to this, let us know. We are planning to ship this release of the measurement engine next week. |
From what I've been able to gather from asking on NTC, it seems that both Firefox and Chrome have a fallback to retry an ECH connection without ECH. Firefox falls back automatically after a certain amount of time. Chrome falls back after clicking the Reload button multiple times, but the fallback is disabled if DoH is configured. Treat these observations as preliminary. Is anyone an expert at searching Bugzilla or the Chromium Issue Tracker, or exploring the source code of Firefox or Chromium, who can find where these apparent non-ECH fallback policies might be enacted?
|
This comment was marked as duplicate.
This comment was marked as duplicate.
To disable ECH client-side on Chromium based browsers you can take advantage of Enterprise Chromium Policies (the name is quite misleading, the policies can be applied to any Chromium-based browsers, and do not require an account, or an enterprise subscription) The policy in question is called EncryptedClientHelloEnabled Google's docs on Chromium policies are very confusing, so I suggest to read Brave Browser's documentation on that topic instead: https://support.brave.com/hc/en-us/articles/360039248271-Group-Policy I will be providing examples for Brave Browser, but the same principle applies to any Chromium browser. You just have to substitute brave's paths to whatever browser's paths you're using. Instructions differ based on the OS you're using: macOS:Run in the terminal: defaults write com.brave.Browser EncryptedClientHelloEnabled -bool false Windows:Uncompress and apply this Under the hood it modifies the registry in GNU/Linux:Run in the terminal: sudo mkdir -p /etc/brave/policies/managed/ && echo '{"EncryptedClientHelloEnabled": false}' | sudo tee /etc/brave/policies/managed/managed_policies.json You can confirm that the policy is applied by checking |
The reason it works on Windows 10 vs 11 is that on Windows 10 there is a bug in WIndows API and it cannot request HTTPS RR that containts ECH key. // For some reason, the DNSQuery_A API doesn't work on Windows 10. |
[Discussion moved from #393 (comment). NTC threads are https://ntc.party/t/12837 (technical information) and https://ntc.party/t/12732 (discussion).]
Cloudflare's deployment of Encrypted Client Hello (ECH) is blocked in multiple networks in Russia since 2024-11-05. The blocking trigger is the presence of both of the following two elements in the Client Hello:
cloudflare-ech.com
.Neither of these elements on its own is sufficient. That is, an SNI of cloudflare-ech.com without an ECH extension is not blocked, and ECH extensions that use an SNI other than cloudflare-ech.com are not blocked. In particular, you can still make ECH connections to servers that use a different public_name, such as defo.ie and tls-ech.dev; and GREASE ECH with SNI different from cloudflare-ech.com is not blocked.
Both TCP-based HTTP/2 and UDP-based HTTP/3 (QUIC) are affected. The blocking mechanism is packet dropping on the connection after the signature is detected (i.e., not a TCP RST or other overt teardown).
It seems that Firefox, at least, will retry the connection without ECH after a long delay (about a minute). Such a fallback to plaintext SNI apparently violates the ECH specification: "the client MUST NOT fall back to using unencrypted ClientHellos, as this allows a network attacker to disclose the contents of this ClientHello, including the SNI."
The blocking of ECH was officially acknowledged in a notice from the Public Communications Network Monitoring and Control Center (ЦМУ ССОП):
https://cmu.gov.ru/ru/news/2024/11/07/рекомендуем-отказаться-от-cdn-сервиса-cloudflare/ (archive)
OONI tests web connectivity to the SNI cloudflare-ech.com, and similarly GlobalCheck, but the measurements do not show blocking. That is because these tests do not have the other necessary part of the signature, the ECH extension. OONI is working on a dedicated ECH test.
#393 (comment)
The text was updated successfully, but these errors were encountered: