With the increasing use of TLS encryption over web traffic, censors start to deploy SNI filtering for more effective censorship. Specifically, a censor can identify the web domain being accessed by a client via the SNI extension in the TLS ClientHello message. In response, in August 2018, a new extension called ESNI (Encrypted-SNI) is proposed for TLS 1.3, aiming at fixing this server name leakage. In this paper, we first characterize SNI-based censorship in China by measuring its prevalence

more »

... effectiveness. We outline its assisting role in censorship by comparing it with other commonly used censorship methods. We then measure the deployment prevalence of ESNI and further analyze its current and potential effectiveness in censorship circumvention. We also monitor the censorship associated with ESNI from 14 areas all around the world. Based on our analysis, we discuss the key factors to the success of ESNI and potential problems in a post-ESNI era. We hope our work will make ESNI a more promising and effective censorship circumvention strategy.