AnsweredAssumed Answered

JA3

Question asked by Donald Paterson on Nov 20, 2018
Latest reply on Nov 20, 2018 by Dameon Welch-Abernathy

Anyone know anything about Check Point maybe working with JA3 yet, or plans around this?

 

References:

A new method of TLS fingerprinting was recently put together called JA3. Rather than simply looking at the certificate used, JA3 parses multiple fields set in the TLS client hello packet sent over during the SSL handshake. The resulting fingerprint can then be used to identify, log, alert and/or block specific traffic.

 

JA3 looks at the client hello packet in the SSL handshake to in order to gather the SSL version and list of supported ciphers. If supported by the client, it will also use all supported SSL extensions, all supported Elliptic Curves, and finally the Elliptic Curve Point Format. 

 

GitHub - salesforce/ja3: JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way. 

Outcomes