via @crwatkins: The client could have cipher suite support hard coded, and change over the course of versions. A passive network observer could see which ciphers are supported and fingerprint to a particular client on this basis in conjunction with other data leaked such DNS lookup of the wallet provider's domain.
This would fall under here in the current working version of threat model:
Network observer
Derive the type of wallet used to create a transaction by passively observing idiosyncrasies in the interactive behaviour of the wallet
OBPPV3/CM29: Avoid using a non-Bitcoin network protocol that leaks information about the type of client in use
via @crwatkins: The client could have cipher suite support hard coded, and change over the course of versions. A passive network observer could see which ciphers are supported and fingerprint to a particular client on this basis in conjunction with other data leaked such DNS lookup of the wallet provider's domain.
This would fall under here in the current working version of threat model: Network observer Derive the type of wallet used to create a transaction by passively observing idiosyncrasies in the interactive behaviour of the wallet OBPPV3/CM29: Avoid using a non-Bitcoin network protocol that leaks information about the type of client in use