一元网络论坛

Cloudflare's ECH can bypass blocked domains directly

Administrator, posted on 2024-10-3 22:18:57

The Cloudflare CDN enables the ECH feature by default for free plans, but there is no "Encrypted Client Hello (ECH)" option in the SSL -> Edge Certificates section when paying for the plan. Only paid plans allow you to manually turn ECH on or off. Pinging a blocked domain like test.com on itdog.cn, which sometimes resolves to incorrect IP addresses such as those from KT and Deutsche Telekom, will work after enabling ECH, without needing a proxy. However, ECH is not always effective; I still have one domain that gets reset, while another does not. There can be situations where it works at first but then stops working later.

The three main reasons for blocking domains include:
1. Getting incorrectly resolved to IP addresses from Korean KT, German Telecom, etc.; this is useful but not guaranteed.
2. High DNS pollution, meaning getting dozens of incorrect IP addresses, none of which were Twitter, Facebook, Dropbox, etc. Even with ECH enabled, it doesn't seem to help much.
3. Resolving the IP correctly, but SSL being reset; I haven't tried this yet.

I haven't tested it in Fujian or Henan provinces, nor other cases of being blocked. It seems high walls might target Cloudflare in the future, but currently all free plans' domains start with ECH, and there's no option to disable it.