Improve TLS Fingerprint Blocking

Currently, JA3 fingerprints are supported, which are hashes of multiple values. This fine for blocking a specific fingerprint, but does allow blocking "families" of fingerprints.

Consider that some but not all TLS parameters may be shared among attacking devices. If the individual parameters can be identified by a hex value, variable length strings combining those hex values can be created to reference a "family" of fingerprints and blocked.

  • Michael Buemi
  • Aug 13 2024