The Transport Layer Security (TLS) protocol emerged as a focal point of attention for the information security world during August as the Chinese government updated its censorship tool, the Great Firewall of China, to block HTTPS traffic with the latest TLS version. The topic got even more attention when security researchers offered workarounds to TLS-enabled censorship and demonstrated potential TLS-based attacks at DEF CON: Safe Mode.TLS is a widely adopted protocol that enables privacy and data security for internet communications, mostly by encrypting communications between web applications and servers. TLS 1.3, the most recent version, was published in 2018. TLS is the foundation of the more familiar HTTPS technology and hides communications from uninvited third parties, even as it does not necessarily hide the identity of the users communicating.TLS 1.3 introduced something called encrypted server name indication (ESNI), which makes it difficult for third parties, such as nation-states, to censor HTTPS communications. In early August, three organizations \u2014 iYouPort, the University of Maryland and the Great Firewall Report \u2014 issued a joint report about the apparent blocking of TLS connections with the ESNI extension in China.Using a simple Python program, the group discovered that the Great Firewall blocks ESNI connections from client to server and temporarily bans the IP addresses involved. The organizations say they have been able to find circumvention techniques that can be used either in apps or software or on the server side to thwart China\u2019s censorship blocks, but they consider these solutions temporary.Domain hiding circumvents Chinese censorshipAnother, possibly more effective, solution to dodging Chinese censorship was offered in a DEF CON talk entitled \u201cDomain Fronting is Dead, Long Live Domain Fronting,\u201d given by Erik Hunstad, CTO and adversary emulation lead at cybersecurity solutions company SixGen. With domain fronting, internet censorship is circumvented using large certificate and hosting providers to deploy different domain names at different communications layers in HTTPS.\u201cWith domain fronting, the client connects to the front domain, not the true destination domain,\u201d Hunstad said. \u201cYou can think of domain fronting like a postcard inside an envelope. On the outside of the envelope, the client writes the address of the CDN (content delivery network), but on the inside, the true destination domain is on the postcard.\u201dWhen CDNs open the letter, they deliver the postcard to the true destination internally. The use of domain fronting was significantly undercut in 2018 when the Russian government put pressure on cloud providers to stop allowing this protection because popular messaging app Telegram was using both Google and Amazon cloud services for domain fronting. Today only Microsoft\u2019s Azure and a handful of smaller companies still permit domain fronting.As a consequence, Hunstad has developed a new technique to get around censorship that he calls \u201cdomain hiding.\u201d The new technique \u201caccomplishes the same goals as domain fronting, but uses different technologies,\u201d Hunstad said. He accomplishes domain hiding by leveraging top content delivery network Cloudflare and requiring apps to have Cloudflare manage their domain DNS records.\u201cA TLS 1.3 connection with an ESNI of the true destination is made to any Cloudflare IP and the underlying HTTPS request also has a host header of the true destination. This enables any Cloudflare-owned IP to act as a front for any domain hosted by Cloudflare DNS,\u201d he said. At DEF CON, Hunstad released a new tool he\u2019s calling Noctilucent that automates the process of hiding domains using his new technique.\u201cBest of all, the requirements to sign up for Cloudflare DNS are minimal and it's free,\u201d Hunstad said. \u201cWhat domains can we use for this hiding? It turns out a lot. Over 21% of the top 100,000 sites are behind Cloudflare and allow this to work.\u201d A lot of different sites appear in this top 100,000 list, including security related sites, banks, sports, higher education streaming services, government sites and porn. \u201cSo much porn,\u201d Hunstad said.TLS as an attack vectorJoshua Maddox of security firm Latacorta warned about the use of TLS as an attack vector during his DEF CON lightning talk entitled \u201cWhen TLS Hacks You.\u201d He demonstrated that TLS can be used as a mechanism for attacking web-based systems by leveraging an existing class of vulnerability called SSRF, which stands for server-side request forgery.\u201cYou can trick the victim into accepting a weird domain name and [by] parsing it incorrectly you can include stuff like arbitrary bytes in there and smuggle stuff like SMTP (Simple Mail Transfer Protocol) commands. If you establish a session with Jmaddox.com, whether it resolves to something on the internet or your own machine, your HTTPS client will not know the difference,\u201d Maddox said pointing to how TLS sessions are cached and can be exploited.\u201cSince I, as an attacker, own jmaddox.com, I can combine all this TLS stuff with a concept called DNS rebinding\u201d to \u201cget arbitrary characters to be sent which includes new lines\u201d that allow an attacker to interact with local services. DNS rebinding is a method for manipulating domain name resolutions.One solution to the problem identified by Maddox is for sessions to be removed between servers, which he pitched to the Chromium team earlier this year. Chromium didn\u2019t quite accept that solution but did suggest a solution that would partition the servers based on whether the address is local. \u201cIt wouldn\u2019t affect performance but it would protect against most of the attack scenarios that I could think of,\u201d Maddox said.Otherwise, \u201cas an internet user you can pick Firefox and disable session identifiers if you\u2019re paranoid about this stuff,\u201d he said. For web applications, it\u2019s a good idea to run outbound requests through a proxy and reconsider your infrastructure decisions.Maddux has released a tool called TLS Poison that \u201callows for generic SSRF via TLS, as well as CSRF [cross-site request forgery] via image tags in most browsers.\u201d Once everything is set up properly in TLS Poison, both the TLS session poisoning and DNS rebinding steps should be fully functional.