Only if its a stupid firewall.

If you have your own root certificate (and China does), you can MiTM every port 443 request and perform DPI on it.

https://en.m.wikipedia.org/wiki/Root_certificate

I've installed my own root cert into my computer and used Squid in Peek 'n' Splice mode to do it.

China doesn't bother doing this to all cross border traffic, because they don't care enough to commit the resources.

I'm guessing a Western country will be the first, and it won't be the USA. More likely mine (Australia), or UK/FR/DE/IT.