Governments around the world limit free and open communication on the Internet through censorship. To reliably identify and block access to certain web domains, censors inspect the plaintext TLS SNI field sent in TLS handshakes. With QUIC rapidly displacing TCP as the dominant transport-layer protocol on the web, censorship regimes have already begun prosecuting network traffic delivered over QUIC. With QUIC censorship poised to expand, censorship circumvention tools must similarly adapt. We present QUICstep, a censorship-resilient, application-agnostic, performant, and easy-to-implement approach to censorship circumvention in the QUIC era. QUICstep circumvents TLS SNI censorship by conducting a QUIC-TLS handshake over an encrypted tunnel to hide the SNI field from censors and performs connection migration to resume the QUIC session in plain sight of the censor. Our evaluation finds that QUICstep successfully establishes QUIC sessions in the presence of a proof-of-concept censor with minimal latency overhead.

翻译：世界各国政府通过审查制度限制互联网上的自由开放通信。为可靠识别并拦截对特定网络域的访问，审查机构会检查TLS握手过程中发送的明文SNI字段。随着QUIC迅速取代TCP成为网络上主导的传输层协议，审查体系已开始对通过QUIC传输的网络流量进行管控。面对QUIC审查范围扩大的态势，审查规避工具也需进行相应调整。我们提出QUICstep方案——一种在QUIC时代具备抗审查性、应用无关性、高性能且易实现的规避方法。QUICstep通过加密隧道执行QUIC-TLS握手以隐藏SNI字段，从而规避基于TLS SNI的审查，并在审查机构可见状态下通过连接迁移恢复QUIC会话。实验表明，在存在概念验证级审查系统的环境中，QUICstep能以极低的延迟开销成功建立QUIC会话。