6

I recently heard that a discussion to encrypt SNI field has been abandoned because of overhead. After a few months later, the government will bring a plan to sniffing SNI field so that they can block connections to websites that they think inappropriate into effect.

SNI field is only for web servers that have multiple domains, so it is not required for ones which only have a single domain. (Am I right?)

As bypassing censorship, I'm imagining a way to remove SNI field arbitrarily when the browser initializes handshake. Is it possible? If not, are there any other ways to bypass it successfully?

Riddle Aaron
  • 161
  • 6
  • If the web server only has a single domain, they don't need SNI to tell them which website you're connecting to. – user253751 Jun 05 '18 at 02:24
  • @immibis Then, is it possible to modify the browser not to include SNI? – Riddle Aaron Jun 05 '18 at 02:32
  • my point is it doesn't matter because *the government* doesn't need SNI to see which site you're connecting to. – user253751 Jun 05 '18 at 03:27
  • @immibis In theory at least, because no SNI would only work on sites where the IP address unambiguously indicates a specific website, but I don't know of any governments that have implemented that. – forest Jun 05 '18 at 03:47
  • @immibis The government is using DPI for censorship, and the announced that they will use SNI eavesdropping for further HTTPS censorship – Riddle Aaron Jun 05 '18 at 04:38
  • SNI is technically unneeded if server has **one certificate, which can be multiple domains** using the SubjectAlternativeName extension aka SAN or UCC (widely supported since about 2000, and as of 2017 _required_ by Chrome) and/or wildcard names (for closely related domainnames only). See https://security.stackexchange.com/questions/45/what-is-the-best-option-for-setting-up-a-several-sites-supporting-ssl-on-the-sam or https://serverfault.com/questions/807959/what-is-the-difference-between-san-and-sni-ssl-certificates – dave_thompson_085 Jun 05 '18 at 08:55
  • That said, there are Qs on some Stack just about every week for problems that turn out (sometimes after much work) to be missing SNI, so I predict if you remove SNI deliberately you will find yourself with a lot of additional work. – dave_thompson_085 Jun 05 '18 at 08:59
  • *"has been abandoned"* -- Where did you hear this? Last info I know is that the IETF tracker still lists this as "Document Type: Active Internet-Draft" => https://datatracker.ietf.org/doc/draft-ietf-tls-sni-encryption/ – StackzOfZtuff Jun 05 '18 at 11:40
  • @StackzOfZtuff from this post https://security.stackexchange.com/questions/154990/hide-clear-sni-when-using-https – Riddle Aaron Jun 07 '18 at 09:06

1 Answers1

3

Some governments already sniff SNI. I believe Russian ISPs do it to comply with regulations put forth by Roskomnadzor, for example. In cases where they are not sniffed or are not even present, encrypted connections may be blocked entirely. Additionally, websites with individual pages that are blocked may be blocked entirely when HTTPS is used. SNI sniffing is only one part of it.

You are right that disabling SNI could be used in some circumstances to bypass censorship. I operate a website which is blocked in Russia, and I've discovered that it is not blocked if the SNI field is removed. However, my website is the only one hosted on its IP address, so SNI is not necessary in the first place. It may be possible to create a browser extension to selectively disable SNI for certain websites to evade censorship, but it would not always be reliable. I do not know if Firefox's new extension API is sufficiently powerful to modify such low-level behavior.

You can modify the browser to not include SNI, but that would prevent you from connecting to an IP with multiple certificates for multiple domains. A server would have no idea what certificate to present to you when you connect to an ambiguous IP address that hosts multiple domains. SNI exists so the server can respond with the correct certificate. Encrypting SNI by doing opportunistic encryption with the server before even sending SNI would be possible and would protect against a passive adversary, but could fundamentally not protect from an active MITM.

forest
  • 65,613
  • 20
  • 208
  • 262
  • Thanks, I should find a way to implement that kind of extension. Censorship based on SNI field will be in effect a few months later in Korea. Maybe government people got an idea from Russian ISP – Riddle Aaron Jun 05 '18 at 02:55
  • @RiddleAaron: before hoping that you can easily bypass censorship just by not sending SNI: SNI is more used for filtering since traditional (and less resource intensive) IP based filtering results in overblocking in the common case multiple sites share the same IP. IP based blocking can still be done if no SNI is detected or connections without SNI can simply broadly be blocked without too much negative side effects since all modern clients will actually use SNI. – Steffen Ullrich Jun 05 '18 at 05:21
  • @Steffen Ullrich I just hope that government won't be that cruel – Riddle Aaron Jun 05 '18 at 05:55
  • @RiddleAaron Oh they will. Whether or not they'll be capable enough to actually implement it is another matter entirely. Unless such an extension becomes widespread, I doubt they would invest any effort into blocking it. – forest Jun 06 '18 at 01:29