Ali Zohaib, University of Massachusetts Amherst; Qiang Zao, GFW Report; Jackson Sippe and Abdulrahman Alaraj, University of Colorado Boulder; Amir Houmansadr, University of Massachusetts Amherst; Zakir Durumeric, Stanford University; Eric Wustrow, University of Colorado Boulder
Despite QUIC handshake packets being encrypted, the Great Firewall of China (GFW) has begun blocking QUIC connections to specific domains since April 7, 2024. In this work, we measure and characterize the GFW's censorship of QUIC to understand how and what it blocks. Our measurements reveal that the GFW decrypts QUIC Initial packets at scale, applies heuristic filtering rules, and uses a blocklist distinct from its other censorship mechanisms. We expose a critical flaw in this new system: the computational overhead of decryption reduces its effectiveness under moderate traffic loads. We also demonstrate that this censorship mechanism can be weaponized to block UDP traffic between arbitrary hosts in China and the rest of the world. We collaborate with various open-source communities to integrate circumvention strategies into Mozilla Firefox, the quic-go library, and all major QUIC-based circumvention tools.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Ali Zohaib and Qiang Zao and Jackson Sippe and Abdulrahman Alaraj and Amir Houmansadr and Zakir Durumeric and Eric Wustrow},
title = {Exposing and Circumventing {SNI-based} {QUIC} Censorship of the Great Firewall of China},
booktitle = {34th USENIX Security Symposium (USENIX Security 25)},
year = {2025},
isbn = {978-1-939133-52-6},
address = {Seattle, WA},
pages = {783--802},
url = {https://www.usenix.org/conference/usenixsecurity25/presentation/zohaib},
publisher = {USENIX Association},
month = aug
}
