Hi, I have been confused about the code below:
```c
/* SSLVersion */
ja3->version = SSL_version(ssl);
```
According to the paper, I think the SSL_client_version() function should be used here.
When the client supports TLS 1.3 and so does the server, SSL_version() will get the version number after the TLS connection is created, which is 1.3. However, in this situation, SSL_client_version() will still be 1.2. This may cause different TLS fingerprints and, in my opinion, the latter is correct.
Can you help me solve my confusion? Thanks.
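The difference raised above, as an added example that is not part of the original post or the project's code: it parses a constructed ClientHello from a TLS 1.3-capable client and builds the JA3 string twice, once with the version field carried in the ClientHello (0x0303) and once with the negotiated version (0x0304) substituted. All function names and the sample bytes are assumptions made for this illustration.

```python
import hashlib
import struct

GREASE = {0x0A0A + 0x1010 * i for i in range(16)}  # RFC 8701 values, left out of JA3

def u16_list(buf, start=0):
    return [struct.unpack_from("!H", buf, i)[0] for i in range(start, len(buf), 2)]

def build_client_hello():
    """Constructed ClientHello body from a TLS 1.3-capable client (not a capture)."""
    def ext(etype, data):
        return struct.pack("!HH", etype, len(data)) + data
    exts = (ext(10, struct.pack("!HHH", 4, 29, 23))   # supported_groups
            + ext(11, b"\x01\x00")                     # ec_point_formats
            + ext(43, b"\x04\x03\x04\x03\x03"))        # supported_versions: 1.3, 1.2
    ciphers = struct.pack("!HHH", 0x1301, 0x1302, 0xC02F)
    return (b"\x03\x03" + bytes(32) + b"\x00"          # legacy_version, random, session id
            + struct.pack("!H", len(ciphers)) + ciphers
            + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)  # null compression

def parse_client_hello(body):
    """Return (version, ciphers, extensions, groups, point_formats)."""
    version = struct.unpack_from("!H", body, 0)[0]
    pos = 34 + 1 + body[34]                            # skip version, random, session id
    n = struct.unpack_from("!H", body, pos)[0]
    ciphers = u16_list(body[pos + 2:pos + 2 + n])
    pos += 2 + n
    pos += 1 + body[pos]                               # skip compression methods
    end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
    pos += 2
    exts, groups, formats = [], [], []
    while pos < end:
        etype, elen = struct.unpack_from("!HH", body, pos)
        data = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        exts.append(etype)
        if etype == 10:
            groups = u16_list(data, 2)                 # skip the 2-byte list length
        elif etype == 11:
            formats = list(data[1:])                   # skip the 1-byte list length
    return version, ciphers, exts, groups, formats

def ja3(version, ciphers, exts, groups, formats):
    fields = [[version], ciphers, exts, groups, formats]
    text = ",".join("-".join(str(v) for v in f if v not in GREASE) for f in fields)
    return text, hashlib.md5(text.encode()).hexdigest()  # (JA3 string, JA3 hash)

hello = parse_client_hello(build_client_hello())
# First line: version as sent by the client; second: negotiated TLS 1.3 substituted.
print(ja3(*hello), ja3(0x0304, *hello[1:]), sep="\n")
```

Only the first field of the string changes, but because the JA3 hash is an MD5 over the whole string, the two fingerprints share nothing.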