Chinese People's Internet Connections to the Outside World Were Instantly Blocked Earlier This Week



The Great Firewall of China, or GFW, is an internet security system designed to ensure that Chinese people can only access websites and online services that are vetted and certified by the country's government.


The GFW's activities are often monitored by foreign countries to see what types of activities are or are not allowed to enter the country's internet network. Recently, it was reported that the firewall system was blocking connections through TCP port 443, which is typically used for HTTPS traffic (an encrypted data connection technology that is difficult for hackers to intercept).


In short, when this happened, Chinese people were unable to access any websites hosted abroad, including those previously allowed by the Chinese government. This lasted for about an hour, and no explanation has been given by anyone so far.


The Great Firewall Report (GFR), which reported on the incident, said that for a period of one hour, all data packets sent by users inside China, as well as by servers inside China sending data out of the country, were intercepted with TCP RST+ACK packets. A RST+ACK packet tells the receiving endpoint to abort the connection, so the affected traffic going in and out of the country could not pass through the firewall.


They said that the situation is quite puzzling for several reasons. First, only TCP port 443 showed this restriction, and not ports 22, 80 or 8443, which can also be used to provide access to HTTPS traffic.


Second, this restriction was most likely initiated from within China itself. The GFR said that during the incident, HTTPS packets sent abroad by both users and servers in China were intercepted with TCP RST+ACK packets, whereas for HTTPS traffic sent from abroad into China, the interception applied only to data packets that had received confirmation of data receipt at the server level.


Another puzzling point is that this packet interception was carried out by a firewall that the researchers were not previously familiar with. It is also not yet known whether the configuration on that firewall hardware was applied intentionally or was a misconfiguration by the developer of the digital security system.


Since it was only in effect for an hour, the second explanation, a misconfiguration, seems the more plausible.
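The port-443-only reset pattern described above can be checked from a client-side packet capture. The following is an added example, not code from this article or from the Great Firewall Report; the record layout, sample packets, thresholds and function names are all constructed for illustration.

```python
from collections import defaultdict

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP header flag bits
CLIENT = "10.0.0.5"               # constructed vantage point

# Constructed sample, in capture order: (src, sport, dst, dport, flags)
SAMPLE_PACKETS = [
    (CLIENT, 40001, "203.0.113.10", 443, SYN), ("203.0.113.10", 443, CLIENT, 40001, RST | ACK),
    (CLIENT, 40002, "198.51.100.7", 443, SYN), ("198.51.100.7", 443, CLIENT, 40002, RST | ACK),
    (CLIENT, 40003, "192.0.2.44", 443, SYN), ("192.0.2.44", 443, CLIENT, 40003, SYN | ACK),
    (CLIENT, 40003, "192.0.2.44", 443, ACK), ("192.0.2.44", 443, CLIENT, 40003, RST | ACK),
    (CLIENT, 40004, "203.0.113.10", 80, SYN), ("203.0.113.10", 80, CLIENT, 40004, SYN | ACK),
    (CLIENT, 40005, "203.0.113.10", 22, SYN), ("203.0.113.10", 22, CLIENT, 40005, SYN | ACK),
    (CLIENT, 40006, "203.0.113.10", 8443, SYN), ("203.0.113.10", 8443, CLIENT, 40006, SYN | ACK),
]

def reset_rate_by_port(packets, client):
    """Return {server_port: (flows_reset, flows_total)} for flows the client opened.

    Heuristic (an assumption of this example): a flow counts as reset when a
    RST+ACK is among the first two packets received from the remote side.
    """
    remote_seen = defaultdict(int)  # flow -> packets received from the remote side
    reset = {}                      # flow -> reset during or right after the handshake
    for src, sport, dst, dport, flags in packets:
        if src == client:
            if flags & SYN and not flags & ACK:  # client opens a new flow
                reset.setdefault((sport, dst, dport), False)
            continue
        key = (dport, src, sport)
        if key not in reset:
            continue                             # not a flow this client opened
        remote_seen[key] += 1
        if remote_seen[key] <= 2 and (flags & (RST | ACK)) == (RST | ACK):
            reset[key] = True
    rates = defaultdict(lambda: [0, 0])
    for (_, _, port), was_reset in reset.items():
        rates[port][0] += was_reset
        rates[port][1] += 1
    return {port: tuple(counts) for port, counts in rates.items()}

def selectively_reset_ports(rates, threshold=0.9, min_flows=3):
    """Ports whose flows are almost all reset while some other port is untouched."""
    hit = sorted(p for p, (r, n) in rates.items() if n >= min_flows and r / n >= threshold)
    clean = [p for p, (r, n) in rates.items() if r == 0]
    return hit if clean else []

if __name__ == "__main__":
    rates = reset_rate_by_port(SAMPLE_PACKETS, CLIENT)
    print(rates, selectively_reset_ports(rates))
```

A closed port on an ordinary host also answers a SYN with RST+ACK, so the signal is the contrast: resets on port 443 across several unrelated servers while other ports to the same hosts connect normally.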


The GFR has also explained the technical details of this massive HTTPS traffic blocking at greater length. If you are interested in learning more, you can read about it via the link below.
