So then you're theorizing that this is a whitelist approach to VPN connections. Again, this would seem really heavy-handed, since it would block the vast majority of VPN traffic. It's certainly not the case for me currently (I'm in China), but it's possible that other cities are taking that approach.
> since it would block the vast majority of VPN traffic
Which would be a problem for the Chinese government HOW?
I think those very blunt ways of identifying "unwelcome" connections and then just blocking them looks like exactly the solution a government makes that doesn't twitch an eye at re-locating thousands because they want to build a dam right there.
So far encrypted traffic was a neat way of circumventing the control, now this could be trying to just plug those holes. Even if the handshake message does not say "OpenSSH xx...." at least the protocol response to random data would give them a clue and it is (sort of) more difficult to fix on a larger scale because they could always fine-tune the finger-printing.
Instead of monitoring and analyzing all outgoing connections all the time, they just figure out where they are going and then block the destination once and for all - sounds logical and neat.
