Zorinaq mrb's blog My Experience With the Great Firewall of China When I recently visited China for the first time, as an InfoSec professional I was very curious to finally be able to poke at the Great Firewall of China with my own hands to see how it works and how easy it is evade. In short I was surprised by: Its high level of sophistication such as its ability to exploit side-channel leaks in TLS (I have evidence it can detect the "TLS within TLS" characteristic of secure web proxies) How poorly simple Unix computer security tools fared to evade it 2 of the top 3 commercial VPN providers in China uses RSA keys so short (1024 bits!) that the Chinese government could factor them [Edit 2016-02-15: following my report, these 2 providers retired the short keys and now use 2048- or 4096-bit keys. Most westerners who visit China have a perfectly legitimate reason for ...