Re: SSL
The GFW performs Deep Packet Inspection (DPI) on all connections. Tor Project has some detail https://blog.torproject.org/category/tags/gfw but basically a HTTPS/TLS handshake looks slightly different to an SSL handshake used for VPNs, and that difference is enough for the connection to be noticed, and dropped.
Cisco's IPSec is allowed through the GFW though. The development of Open Source Cisco IPSec equivalents might cause this to change in the future though.
VPN providers need to obfuscate the initial connection handshake as well as everything afterwards. Some can do that, other's fail. I found I needed to pay for 2-3 providers, as they would randomly be knocked offline, and then brought back with different IPs and strategies to defeat the DPI.
To be honest, it's only really an issue for expats now. The GFW is so effective, and the Chinese alternatives to western web services are better in most cases for local Chinese people, that most locals don't care about the GFW; they're perfectly happy with the Chinese Internet.