TLS_EMPTY_RENEGOTIATION_INFO_SCSV was ignored again

https://github.com/FoxIO-LLC/ja4-nginx-module/pull/27 resolves the issue of missing TLS_EMPTY_RENEGOTIATION_INFO_SCSV.

but https://github.com/FoxIO-LLC/ja4-nginx-module/pull/38 The changes appear to have caused the problem to resurface.

wireshark:
[JA4: t13d3112h1_e8f1e7e78f70_b26ce05bbdd6]
[JA4_r […]: t13d3112h1_002f,0033,0035,0039,003c,003d,0067,006b,009c,009d,009e,009f,00ff,1301,1302,1303,c009,c00a,c013,c014,c023,c024,c027,c028,c02b,c02c,c02f,c030,cca8,cca9,ccaa_000a,000b,000d,0015,0016,0017,002b,002d,0031,0033_0403,0503,]
<img width="902" height="820" alt="Image" src="https://github.com/user-attachments/assets/59b3afff-724e-4388-8264-cca9ea74b72f" />
<img width="1746" height="113" alt="Image" src="https://github.com/user-attachments/assets/e1064c55-ed43-4b27-9c33-145f7f5a776a" />


nginx:
< ja4: t13d3012h1_1d37bd780c83_b26ce05bbdd6
< ja4r: t13d3012ht_002f,0033,0035,0039,003c,003d,0067,006b,009c,009d,009e,009f,1301,1302,1303,c009,c00a,c013,c014,c023,c024,c027,c028,c02b,c02c,c02f,c030,cca8,cca9,ccaa_000a,000b,000d,0015,0016,0017,002b,002d,0031,0033_0403,0503,0603,0807,0808,0809,080a,080b,0804,0805,0806,0401,0501,0601,0303,0301,0302,0402,0502,0602
<img width="2338" height="150" alt="Image" src="https://github.com/user-attachments/assets/d336df5c-8086-46e3-803d-0c7757312eb3" />


Based on the discussion in https://github.com/FoxIO-LLC/ja4/issues/184, ja4 should compute TLS_EMPTY_RENEGOTIATION_INFO_SCSV, but since openssl filters this function, should we revert to using a custom function for this?




Provide feedback

Saved searches

Use saved searches to filter your results more quickly

TLS_EMPTY_RENEGOTIATION_INFO_SCSV was ignored again #41

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

TLS_EMPTY_RENEGOTIATION_INFO_SCSV was ignored again #41

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions