Oct 03 2011
 

China constantly amuses me. Today, I was paged by some users saying that the website was unreachable. Okay, I am thinking, I'm using SSL on my website (free cert from StartCom), which should avoid being GFWed in the first place, so it must be a server problem, but the servers are all fine.

Then, sniffing on my user's machine, it seems the machine is getting fake RSTs (a typical effect of being blocked by the GFW). I then tried some other domains with certs from StartCom, and they are blocked too! Damn, luckily I had a GoDaddy cert as a backup for the domain, so I loaded it onto the server, and everything is now working again! It's like black magic!!!

OK, so some rationale here: I think it is very possible that the GFW is detecting the StartCom certificate by sniffing the session parameters, as Iran demonstrated in blocking Tor. It then sends fake RSTs to both server and client to interrupt the connection.

https://blog.torproject.org/blog/iran-blocks-tor-tor-releases-same-day-fix

 

Okay, what to do now? We need to figure out *which* part of the certificate they are using as a keyword, unless they are blocking the whole CA (which I fear, but might be true). Hopefully StartCom can do something to change the keyword in the cert too.
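In TLS up to version 1.2 the server's Certificate message crosses the wire unencrypted, so every name string in the certificate is visible to an on-path filter. The sketch below is an added example, not code from this post: it pulls the certificates out of a captured server-to-client byte stream and lists their text fields, so the strings of a blocked certificate and a working one can be compared. The function names are made up for illustration, and `SAMPLE` is a constructed, minimal DER name pair rather than a real certificate.

```python
STRING_TAGS = {0x0C, 0x13, 0x16}  # UTF8String, PrintableString, IA5String

def handshake_messages(stream):
    """Yield (type, body) for cleartext handshake messages in a TLS byte stream."""
    data, i = b"", 0
    while i + 5 <= len(stream):
        ctype, length = stream[i], int.from_bytes(stream[i + 3:i + 5], "big")
        if ctype == 20:   # ChangeCipherSpec: later records are encrypted
            break
        if ctype == 22:   # handshake record; one message may span several
            data += stream[i + 5:i + 5 + length]
        i += 5 + length
    j = 0
    while j + 4 <= len(data):
        mlen = int.from_bytes(data[j + 1:j + 4], "big")
        yield data[j], data[j + 4:j + 4 + mlen]
        j += 4 + mlen

def certificates(stream):
    """Return the DER certificates of the first Certificate message (type 11)."""
    for mtype, body in handshake_messages(stream):
        if mtype == 11:
            certs, k = [], 3   # skip the 3-byte certificate_list length
            while k + 3 <= len(body):
                n = int.from_bytes(body[k:k + 3], "big")
                certs.append(body[k + 3:k + 3 + n])
                k += 3 + n
            return certs
    return []

def der_strings(der):
    """Collect text values (issuer/subject names) from DER, recursively."""
    out, i = [], 0
    while i + 2 <= len(der):
        tag, length, i = der[i], der[i + 1], i + 2
        if length & 0x80:   # long-form length: next n bytes hold the length
            n = length & 0x7F
            length, i = int.from_bytes(der[i:i + n], "big"), i + n
        value = der[i:i + length]
        if tag & 0x20:      # constructed (SEQUENCE, SET, [0] ...): descend
            out += der_strings(value)
        elif tag in STRING_TAGS:
            out.append(value.decode("utf-8", "replace"))
        i += length
    return out

# Constructed sample: one TLS 1.0 record with a Certificate message whose
# "certificate" is only an issuer O and a subject CN (not a real cert).
SAMPLE = bytes.fromhex(
    "160301003b0b000037000034000031302f"
    "301531133011060355040a130a4578616d706c65204341"
    "3016311430120603550403130b6578616d706c652e6f7267")
```

Running `der_strings` over the first certificate from each capture and diffing the two lists narrows down which visible strings differ between the blocked and the working certificate.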

  One Response to “A new way of firewalling”

  1. If you can send more information about the domains and how that blocking works to StartCom, that might be helpful.
