Consolidated Handshakes

went through a couple of pcap files and determined ja3 + ja4 sums.

- Android 15/16 are the same (previously ja3 taken instead of ja4 and wrong host. One has to use chrome !)
- Edge 101/Chrome 101 are the same (will be deprecated next time)
- surprisingly Java 17.0.3 and 21.0.6 were the same.

- Added: Ja3/ja4 for old Apple Mail and Thunderbird
Dirk
2026-05-18 18:45:04 +02:00
parent 7897cdcd84
commit b4e58dfbb5
2 changed files with 35 additions and 12 deletions
+22 -10
@@ -310,8 +310,8 @@
ja4+=("t13d1713h1_5b57614c22b0_352634941f3a") ja4+=("t13d1713h1_5b57614c22b0_352634941f3a")
current+=(true) current+=(true)
names+=("Android 15 (native)") names+=("Android 15/16 (native)")
short+=("android_15") short+=("android_15_16")
ch_ciphers+=("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA") ch_ciphers+=("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA")
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256") ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")
ch_sni+=("$SNI") ch_sni+=("$SNI")
@@ -330,8 +330,8 @@
minEcdsaBits+=(-1) minEcdsaBits+=(-1)
curves+=("X25519MLKEM768:x25519:secp256r1:secp384r1") curves+=("X25519MLKEM768:x25519:secp256r1:secp384r1")
requiresSha2+=(true) requiresSha2+=(true)
ja3+=("78c89591bc3fffbc6aa884cc7ebbbdb5") ja3+=("a04f2226447ea413dd5bf057ca4a4bdf")
ja4+=("t13d1517h2_8daaf6152771_b6f405a00624") ja4+=("t13d1516h2_8daaf6152771_d8a2da3f94cd")
# careful! ja3 is is not unique here, probably because of GREASE. It's difficult to find to matching ja3 at all. ja4 seems more consistent here. # careful! ja3 is is not unique here, probably because of GREASE. It's difficult to find to matching ja3 at all. ja4 seems more consistent here.
current+=(true) current+=(true)
@@ -358,7 +358,8 @@
ja3+=("1039cdb7642a736c706f52a335544033") ja3+=("1039cdb7642a736c706f52a335544033")
ja4+=("t13d1516h2_8daaf6152771_d8a2da3f94cd") ja4+=("t13d1516h2_8daaf6152771_d8a2da3f94cd")
# careful! ja3 is is not unique here, probably because of GREASE. It's difficult to find to matching ja3 at all. ja4 seems more consistent here. # careful! ja3 is is not unique here, probably because of GREASE. It's difficult to find to matching ja3 at all. ja4 seems more consistent here.
current+=(true) current+=(false)
# same as above, deducted from ja4 fingerprint
names+=("Chrome 27 Win 7") names+=("Chrome 27 Win 7")
short+=("chrome_27_win7") short+=("chrome_27_win7")
@@ -993,7 +994,9 @@ names+=("Chrome 27 Win 7")
minEcdsaBits+=(-1) minEcdsaBits+=(-1)
curves+=("X25519:secp256r1:secp384r1") curves+=("X25519:secp256r1:secp384r1")
requiresSha2+=(true) requiresSha2+=(true)
current+=(true) ja3+=("cd08e31494f9531f560d64c695473da9")
ja4+=("t13d1516h2_8daaf6152771_e5627efa2ab1")
current+=(false)
names+=("Chromium 137 (Win 11)") names+=("Chromium 137 (Win 11)")
short+=("chromium_137_win11") short+=("chromium_137_win11")
@@ -2097,7 +2100,7 @@ names+=("Firefox 137 (Win 11)")
requiresSha2+=(false) requiresSha2+=(false)
current+=(false) current+=(false)
names+=("Edge 101 Win 10 21H2") names+=("Edge 101/Chrome 101 Win 10 21H2")
short+=("edge_101_win10_21h2") short+=("edge_101_win10_21h2")
ch_ciphers+=("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA") ch_ciphers+=("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA")
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256") ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")
@@ -2117,6 +2120,8 @@ names+=("Firefox 137 (Win 11)")
minEcdsaBits+=(-1) minEcdsaBits+=(-1)
curves+=("X25519:secp256r1:secp384r1") curves+=("X25519:secp256r1:secp384r1")
requiresSha2+=(true) requiresSha2+=(true)
ja3+=("cd08e31494f9531f560d64c695473da9")
ja4+=("t13d1516h2_8daaf6152771_e5627efa2ab1")
current+=(true) current+=(true)
names+=("Edge 133 Win 11 23H2") names+=("Edge 133 Win 11 23H2")
@@ -3002,8 +3007,8 @@ names+=("Opera 66 (Win 10)")
requiresSha2+=(false) requiresSha2+=(false)
current+=(false) current+=(false)
names+=("Java 17.0.3 (OpenJDK)") names+=("Java 17.0.3/21.0.6 (OpenJDK)")
short+=("java_1703") short+=("java_1703_2106")
ch_ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA") ch_ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA")
ciphersuites+=("TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256") ciphersuites+=("TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256")
ch_sni+=("$SNI") ch_sni+=("$SNI")
@@ -3021,6 +3026,8 @@ names+=("Opera 66 (Win 10)")
minEcdsaBits+=(224) minEcdsaBits+=(224)
curves+=("x25519:secp256r1:secp384r1:secp521r1:x448:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192") curves+=("x25519:secp256r1:secp384r1:secp521r1:x448:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192")
requireseha2+=(true) requireseha2+=(true)
ja3+=("60f3e2285bc991c380f822c6ac51f947")
ja4+=("t13d311200_e8f1e7e78f70_6077d120928a")
current+=(true) current+=(true)
names+=("Java 21.0.6 (OpenJDK)") names+=("Java 21.0.6 (OpenJDK)")
@@ -3044,7 +3051,8 @@ names+=("Opera 66 (Win 10)")
requiresSha2+=(true) requiresSha2+=(true)
ja3+=("60f3e2285bc991c380f822c6ac51f947") ja3+=("60f3e2285bc991c380f822c6ac51f947")
ja4+=("t13d311200_e8f1e7e78f70_6077d120928a") ja4+=("t13d311200_e8f1e7e78f70_6077d120928a")
current+=(true) current+=(false)
# same as above
names+=("go 1.17.8") names+=("go 1.17.8")
short+=("go_1178") short+=("go_1178")
@@ -3400,6 +3408,8 @@ names+=("Opera 66 (Win 10)")
minEcdsaBits+=(-1) minEcdsaBits+=(-1)
curves+=("secp256r1:secp384r1:secp521r1") curves+=("secp256r1:secp384r1:secp521r1")
requiresSha2+=(false) requiresSha2+=(false)
ja3+=("e4d448cdfe06dc1243c1eb026c74ac9a")
ja4+=("t12d220700_0d4ca5d4ec72_3304d8368043")
current+=(true) current+=(true)
names+=("Thunderbird (60.6)") names+=("Thunderbird (60.6)")
@@ -3466,6 +3476,8 @@ names+=("Opera 66 (Win 10)")
minEcdsaBits+=(-1) minEcdsaBits+=(-1)
curves+=("X25519:secp256r1:secp384r1:secp521r1:ffdhe2048:ffdhe3072") curves+=("X25519:secp256r1:secp384r1:secp521r1:ffdhe2048:ffdhe3072")
requiresSha2+=(false) requiresSha2+=(false)
ja3+=("490dba4384bdcf3fb9f1682374dd4afc")
ja4+=("t13d181400_e8a523a41297_3d5424432f57")
current+=(true) current+=(true)
names+=("Baidu Jan 2015") names+=("Baidu Jan 2015")
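Review bot: In the `@@ -3021,6 +3026,8 @@` hunk the new `ja3`/`ja4` lines are added directly after `requireseha2+=(true)`, which looks like a misspelling of `requiresSha2` (the matching entry in the other file of this commit reads `requiresSha2+=(true)`). Every entry appends one element to each parallel array, so this line appends to a separate array and leaves `requiresSha2` one element short; from this entry on, later clients would presumably be simulated with their neighbour's SHA-2 requirement. Since the commit already touches this entry, the line should be corrected to `requiresSha2+=(true)`. The entry itself starts outside the hunk.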
+13 -2
@@ -213,8 +213,8 @@
minEcdsaBits+=(-1) minEcdsaBits+=(-1)
curves+=("X25519MLKEM768:x25519:secp256r1:secp384r1") curves+=("X25519MLKEM768:x25519:secp256r1:secp384r1")
requiresSha2+=(true) requiresSha2+=(true)
ja3+=("78c89591bc3fffbc6aa884cc7ebbbdb5") ja3+=("a04f2226447ea413dd5bf057ca4a4bdf")
ja4+=("t13d1517h2_8daaf6152771_b6f405a00624") ja4+=("t13d1516h2_8daaf6152771_d8a2da3f94cd")
current+=(true) current+=(true)
names+=("Android 16 (native)") names+=("Android 16 (native)")
@@ -241,6 +241,7 @@
ja4+=("t13d1516h2_8daaf6152771_d8a2da3f94cd") ja4+=("t13d1516h2_8daaf6152771_d8a2da3f94cd")
# careful! ja3 is is not unique here, probably because of GREASE. It's difficult to find to matching ja3 at all. ja4 seems more consistent here. # careful! ja3 is is not unique here, probably because of GREASE. It's difficult to find to matching ja3 at all. ja4 seems more consistent here.
current+=(true) current+=(true)
# Same as above
names+=("Edge 17 Win 10") names+=("Edge 17 Win 10")
short+=("edge_17_win10") short+=("edge_17_win10")
@@ -284,6 +285,8 @@
minEcdsaBits+=(-1) minEcdsaBits+=(-1)
curves+=("X25519:secp256r1:secp384r1") curves+=("X25519:secp256r1:secp384r1")
requiresSha2+=(true) requiresSha2+=(true)
ja3+=("cd08e31494f9531f560d64c695473da9")
ja4+=("t13d1516h2_8daaf6152771_e5627efa2ab1")
current+=(true) current+=(true)
names+=("Edge 133 Win 11 23H2") names+=("Edge 133 Win 11 23H2")
@@ -418,6 +421,8 @@
minEcdsaBits+=(-1) minEcdsaBits+=(-1)
curves+=("X25519:secp256r1:secp384r1") curves+=("X25519:secp256r1:secp384r1")
requiresSha2+=(true) requiresSha2+=(true)
ja3+=("cd08e31494f9531f560d64c695473da9")
ja4+=("t13d1516h2_8daaf6152771_e5627efa2ab1")
current+=(true) current+=(true)
names+=("Chromium 137 (Win 11)") names+=("Chromium 137 (Win 11)")
@@ -618,6 +623,8 @@
minEcdsaBits+=(224) minEcdsaBits+=(224)
curves+=("x25519:secp256r1:secp384r1:secp521r1:x448:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192") curves+=("x25519:secp256r1:secp384r1:secp521r1:x448:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192")
requiresSha2+=(true) requiresSha2+=(true)
ja3+=("60f3e2285bc991c380f822c6ac51f947")
ja4+=("t13d311200_e8f1e7e78f70_6077d120928a")
current+=(true) current+=(true)
names+=("Java 21.0.6 (OpenJDK)") names+=("Java 21.0.6 (OpenJDK)")
@@ -979,6 +986,8 @@
minEcdsaBits+=(-1) minEcdsaBits+=(-1)
curves+=("secp256r1:secp384r1:secp521r1") curves+=("secp256r1:secp384r1:secp521r1")
requiresSha2+=(false) requiresSha2+=(false)
ja3+=("e4d448cdfe06dc1243c1eb026c74ac9a")
ja4+=("t12d220700_0d4ca5d4ec72_3304d8368043")
current+=(true) current+=(true)
names+=("Thunderbird (60.6)") names+=("Thunderbird (60.6)")
@@ -1045,6 +1054,8 @@
minEcdsaBits+=(-1) minEcdsaBits+=(-1)
curves+=("X25519:secp256r1:secp384r1:secp521r1:ffdhe2048:ffdhe3072") curves+=("X25519:secp256r1:secp384r1:secp521r1:ffdhe2048:ffdhe3072")
requiresSha2+=(false) requiresSha2+=(false)
ja3+=("490dba4384bdcf3fb9f1682374dd4afc")
ja4+=("t13d181400_e8a523a41297_3d5424432f57")
current+=(true) current+=(true)
names+=("Safari 12.1 (iOS 12.2)") names+=("Safari 12.1 (iOS 12.2)")
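Review bot: The added `# Same as above` in the `@@ -241,6 +241,7 @@` hunk does not say what is the same or which entry it refers to, and because it sits directly before `names+=("Edge 17 Win 10")` it reads as a remark about that entry rather than the one that just ended. A comment such as `# same ja4 as the previous entry, so treated as the same handshake`, placed next to the `ja4+=` line, would be unambiguous. The other file in this commit appears to set the corresponding duplicate entries to `current+=(false)`, while here they stay `current+=(true)`; if that difference is intentional, the comment should say so. The entries begin outside the hunks shown.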