So the only solution is to increase the effort to decrypt. And for that we have to either/both increase complexity of the crypto (hard) and the amount of noise traffic.
Changing the crypto would require lots of time to roll out new platforms and updated clients.
Hence, the only feasible way to save the internet is to convert all porn sites to https. If you work on a ISP, block all porn connections over http, nature will find a way and the https sites will popup overnight.
With SNI[1], the hostname is sent unencrypted (so that you can host more than one domain in a single IP address), so the watchers can simply filter out porn domains.
As of November 2012, the only major user bases whose browsers do not support SNI appear to be users of Android 2.x (default browser), Internet Explorer (any version) on Windows XP and versions of Java before 1.7 on any operating system.
From a security point of view I don't think this changes anything - in the absence of SNI, you can get the hostname anyway just by starting a TLS connection to the server, as your browser would.
(Unless porn sites start whitelisting incoming IP addresses, which seems pretty unlikely)
And while I know cPanel/WHM doesn't really belong in the same discussion as "encryption possibly resilient against state level attackers"… I note with interest that the latest cPanel update (11.38) includes SNI support. That's "switched on" an _huge_ userbase of webhosting that can now grab a cheap/free SSL cert without needing dedicated ip addresses, and who can then tell users "you'll need to upgrade your browser to use our secure site - have you tried downloading Chrome?" ;-)
Changing the crypto would require lots of time to roll out new platforms and updated clients.
Hence, the only feasible way to save the internet is to convert all porn sites to https. If you work on a ISP, block all porn connections over http, nature will find a way and the https sites will popup overnight.