Can GFW or anyone else decrypt our TLS traffic? #436

Open
APT-ZERO opened this issue Dec 14, 2024 · 3 comments

Comments

APT-ZERO commented Dec 14, 2024

State-sponsored hackers in China compromise certificate authority
https://arstechnica.com/information-technology/2022/11/state-sponsored-hackers-in-china-compromise-certificate-authority/

Chinese hackers hide on military and govt networks for 6 years
https://www.bleepingcomputer.com/news/security/unfading-sea-haze-hackers-hide-on-military-and-govt-networks-for-6-years/

Can China/GFW decrypt your TLS traffic by using what they have from their hacked corporations? The corps we know they breached and the ones that nobody knows about yet.

What about Certificate Authorities themselves or Trusted Root Certificate owners?

@APT-ZERO APT-ZERO closed this as not planned Won't fix, can't repro, duplicate, stale Dec 18, 2024
APT-ZERO (Author) commented:

Thanks to the Russians who hate Persians and are attacking us on Telegram for reminding me of this issue.
I closed this because no one had enough knowledge to answer it; it does not mean it's a dumb question.
AI answered me that YES, they can decrypt our data, exactly the way local MitM tools can decrypt TLS data.

@APT-ZERO APT-ZERO reopened this Jan 30, 2025
@APT-ZERO APT-ZERO changed the title Who can decrypt valid TLS encrypted data Can GFW or anyone else decrypt out TLS traffic? Jan 30, 2025
@APT-ZERO APT-ZERO changed the title Can GFW or anyone else decrypt out TLS traffic? Can GFW or anyone else decrypt our TLS traffic? Jan 30, 2025
wkrp (Member) commented Jan 30, 2025

I think the reason that you did not get much engagement on this question is that it is vague and large in scope. It's unlikely that someone is going to take the effort to write a comprehensive answer, when the question is not even clear. A better approach to take is to list your sources, summarize your current understanding, and then ask specific questions. "I watched [tutorial video], and from it I understand [X], but it didn't say anything about [Y], where can I learn more?" "I read [source A] and [source B], but they contradict each other on point [Z], which one is correct?"

The short answer to your question is no, it is not possible for an adversary in the middle to decrypt TLS traffic. The longer answer is much more involved, because it is actually a complicated question. There could be bugs in the TLS implementation, one of the endpoints could be compromised in another way, the private keys might have been generated poorly. You have to think about details of authentication: whether you rely on CAs and a PKI, or if you distribute trust information in another way. No, a compromised or malicious certificate authority cannot decrypt past or current TLS connections based on already issued certificates, because, generally speaking, CAs don't have the private keys for the certificates they sign. A compromised or malicious CA could issue new certificates under its own private keys, but there are other mechanisms such as Certificate Transparency that are meant to mitigate that. Web browsers have good support for mitigations such as these, self-made TLS clients may not. Users may click through a warning even when a MITM is detected. TLS doesn't even require using certificates and public keys; there is TLS-PSK. Etc., etc., etc.

To answer the question with all nuance would be like giving one or more Introduction to Network Security lectures, which is a lot to ask. But again, the short answer to the question "can someone not involved in the connection decrypt a TLS connection" is no. It would be a mistake to avoid TLS from an erroneous idea that TLS is easily decrypted. A good place to start for further reading is Appendix E of RFC 8446, "Overview of Security Properties":

Informally, the signature-based modes of TLS 1.3 provide for the establishment of a unique, secret, shared key established by an (EC)DHE key exchange and authenticated by the server's signature over the handshake transcript, as well as tied to the server's identity by a MAC. If the client is authenticated by a certificate, it also signs over the handshake transcript and provides a MAC tied to both identities.
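The properties wkrp describes above, as an added example that is not part of the original thread: a toy TLS 1.3-style handshake in Go, standard library only, with a hypothetical certificate format (not X.509) and hypothetical names (Issue, ServerRespond, ClientVerify). It shows that the session secret comes from an ephemeral X25519 exchange the CA never takes part in, that the server's signature over the transcript ties that secret to the certified key, and that a client requiring a Certificate Transparency proof rejects a certificate a CA signed but never logged.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// Cert is a toy certificate (hypothetical, not X.509): the CA's signature over the server's signing key, plus a flag standing in for a CT SCT.
type Cert struct {
	Pub    ed25519.PublicKey
	CASig  []byte
	Logged bool
}

// Issue is all a CA does: sign a public key it is handed. It never holds the private key.
func Issue(caPriv ed25519.PrivateKey, pub ed25519.PublicKey, logged bool) Cert {
	return Cert{pub, ed25519.Sign(caPriv, pub), logged}
}

// ServerHello carries the cert, the server's ephemeral X25519 share, and a signature over the transcript (client share || server share).
type ServerHello struct {
	Cert  Cert
	Share []byte
	Sig   []byte
}

// ServerRespond derives the session secret from a fresh ephemeral key; the CA never sees it. clientShare is assumed well-formed.
func ServerRespond(priv ed25519.PrivateKey, cert Cert, clientShare []byte) (ServerHello, []byte) {
	sk, _ := ecdh.X25519().GenerateKey(rand.Reader)
	peer, _ := ecdh.X25519().NewPublicKey(clientShare)
	secret, _ := sk.ECDH(peer)
	transcript := append(append([]byte{}, clientShare...), sk.PublicKey().Bytes()...)
	return ServerHello{cert, sk.PublicKey().Bytes(), ed25519.Sign(priv, transcript)}, secret
}

// ClientVerify checks the chain, requires a CT-logged cert, verifies the transcript signature, and only then derives the secret.
func ClientVerify(caPub ed25519.PublicKey, csk *ecdh.PrivateKey, sh ServerHello) ([]byte, error) {
	peer, err := ecdh.X25519().NewPublicKey(sh.Share)
	switch c := sh.Cert; {
	case err != nil:
		return nil, err
	case !ed25519.Verify(caPub, c.Pub, c.CASig):
		return nil, errors.New("bad certificate chain")
	case !c.Logged:
		return nil, errors.New("certificate has no CT proof")
	case !ed25519.Verify(c.Pub, append(append([]byte{}, csk.PublicKey().Bytes()...), sh.Share...), sh.Sig):
		return nil, errors.New("transcript signature invalid")
	}
	return csk.ECDH(peer)
}
```

Note that nothing in ClientVerify or ServerRespond ever takes the CA's private key as input: a party holding it can sign new certificates, but a client that insists on a CT proof and on a valid signature over the transcript refuses both an unlogged CA-minted certificate and a substituted key share.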

APT-ZERO (Author) commented:

Did you ever use HTTP Debugger? It just adds a fake root CA to the trusted certificate store of the OS or browser and boom! It decrypts all TLS traffic!
If the GFW has access to the private key of one of the trusted CAs, why can't they decrypt TLS traffic?
