Closed 0xKilty closed 1 week ago
The third part refers to the following according to the JA4 spec (truncated sha256 hash of the list of extensions sorted, SNI and ALPN removed, followed by the list of signature algorithms
Hence, this correlates to https://www.rfc-editor.org/rfc/rfc8446.html
Let me know if we can close this out if it has answered your questions.
In the third part of ja4_r (the extensions), there are these numbers that are then hashed and truncated into a ja4.
For example they look like
..._00000403,00000503,00000603,00000804,00000806,00000401,00000501,00000601,00000203,00000201
I would like to know which extension in IANA Transport Layer Security (TLS) Extensions Table these numbers refer to.
Thanks.