Browse All TLS Extensions

key_share

TLS Extension Code: 51

Extension Details

Extension Name
key_share
Extension Code (Decimal)
51
Extension Code (Hex)
0x0033
RFC Reference
RFC 8446

What is key_share?

The Key Share extension in TLS 1.3 contains the client's cryptographic key exchange parameters for (EC)DHE. The client sends key shares for one or more groups from its Supported Groups list. Typically, clients send a key share for their most preferred group (e.g., x25519) to enable a 1-RTT handshake. If the server doesn't support the offered group, it sends a HelloRetryRequest. The key share enables perfect forward secrecy by using ephemeral keys. This extension is mandatory in TLS 1.3 and is a major improvement over TLS 1.2's static RSA key exchange.

Role in JA3 Fingerprinting

How This Extension Affects Fingerprinting

The key_share extension is part of the TLS Client Hello packet that JA3 analyzes to create a unique fingerprint of your browser or HTTP client.

JA3 Construction: JA3 concatenates TLS parameters including extensions in a specific format:
TLS_VERSION,CIPHERS,EXTENSIONS,CURVES,POINT_FORMATS

Different browsers and HTTP clients support different sets of TLS extensions, making this a key differentiator in fingerprinting. The presence, absence, or order of extensions like key_share can reveal:

  • Browser type and version (Chrome, Firefox, Safari, Edge)
  • Operating system (Windows, macOS, Linux, Android, iOS)
  • HTTP library (curl, Python requests, Go http.Client, Node.js)
  • Bot detection - automated tools often have distinctive extension sets

Test Your TLS Configuration

See if your browser or HTTP client includes the key_share extension in its TLS handshake:

Test Your JA3 Fingerprint

The JA3 tool will show all TLS extensions your client advertises, including key_share.

Browser & Client Support

Modern Browser Support:

  • Chrome/Edge: Full support for key_share
  • Firefox: Full support for key_share
  • Safari: Full support for key_share

HTTP Client Libraries:

  • curl: Support varies by OpenSSL/LibreSSL version
  • Python requests: Limited TLS extension control
  • curl_cffi: Can mimic browser TLS configurations
  • Scrapfly API: Automatically matches real browser TLS fingerprints

Related TLS Resources

TLS Extensions
Testing Tools

Technical References