Browse All TLS Extensions

pre_shared_key

TLS Extension Code: 41

Extension Details

Extension Name
pre_shared_key
Extension Code (Decimal)
41
Extension Code (Hex)
0x0029
RFC Reference
RFC 8446

What is pre_shared_key?

The Pre-Shared Key (PSK) extension in TLS 1.3 enables fast session resumption and 0-RTT (Zero Round-Trip Time) data. After an initial full handshake, the client and server derive a PSK which can be used to resume future sessions with reduced latency. 0-RTT allows the client to send application data in the first flight, eliminating a round trip. However, 0-RTT data lacks forward secrecy and is vulnerable to replay attacks, so it should only be used for idempotent operations. PSK resumption is more secure than TLS 1.2 session tickets.

Role in JA3 Fingerprinting

How This Extension Affects Fingerprinting

The pre_shared_key extension is part of the TLS Client Hello packet that JA3 analyzes to create a unique fingerprint of your browser or HTTP client.

JA3 Construction: JA3 concatenates TLS parameters including extensions in a specific format:
TLS_VERSION,CIPHERS,EXTENSIONS,CURVES,POINT_FORMATS

Different browsers and HTTP clients support different sets of TLS extensions, making this a key differentiator in fingerprinting. The presence, absence, or order of extensions like pre_shared_key can reveal:

  • Browser type and version (Chrome, Firefox, Safari, Edge)
  • Operating system (Windows, macOS, Linux, Android, iOS)
  • HTTP library (curl, Python requests, Go http.Client, Node.js)
  • Bot detection - automated tools often have distinctive extension sets

Test Your TLS Configuration

See if your browser or HTTP client includes the pre_shared_key extension in its TLS handshake:

Test Your JA3 Fingerprint

The JA3 tool will show all TLS extensions your client advertises, including pre_shared_key.

Browser & Client Support

Modern Browser Support:

  • Chrome/Edge: Full support for pre_shared_key
  • Firefox: Full support for pre_shared_key
  • Safari: Full support for pre_shared_key

HTTP Client Libraries:

  • curl: Support varies by OpenSSL/LibreSSL version
  • Python requests: Limited TLS extension control
  • curl_cffi: Can mimic browser TLS configurations
  • Scrapfly API: Automatically matches real browser TLS fingerprints

Related TLS Resources

TLS Extensions
Testing Tools

Technical References