Follow

Q&A: What is TLS Fingerprinting?

 

Question

  • What is a TLS Fingerprint?
    • How can we use it to block traffic?

Environment

  • Silverline WAF
  • Proxy (HTTPS proxy)
  • WAF Policy
  • iRule 

Answer

  • During SSL handshakes, most user agents (such as different browsers, Dropbox, Skype, etc.) will initiate an SSL handshake request in their unique way
  • A TLS fingerprint consists of an ordered combination of
    • TLS version
    • cipher suites
    • compression options
    • list of extensions
    • elliptic curves
    • signature algorithms

    • Screen_Shot_2020-04-15_at_12.33.58_PM.png
  • Using this method, Silverline can identify a user agent based on the client's ClientHello (the first message in the SSL handshake) before a request reaches the backend server.

 

Related Content

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request