| Scrapfly

Extension Details

Extension Name

psk_key_exchange_modes

Extension Code (Decimal)

45

Extension Code (Hex)

0x002D

RFC Reference

RFC 8446

What is psk_key_exchange_modes?

The PSK Key Exchange Modes extension specifies which modes the client supports when using PSK (Pre-Shared Key) for session resumption. Two modes exist: psk_ke (PSK-only, no (EC)DHE) and psk_dhe_ke (PSK combined with (EC)DHE). psk_dhe_ke provides forward secrecy even for resumed sessions, making it the preferred mode. psk_ke is faster (saves cryptographic operations) but lacks forward secrecy. Browsers typically support both modes but prefer psk_dhe_ke. This extension is only used when resuming TLS 1.3 sessions.

Role in JA3 Fingerprinting

How This Extension Affects Fingerprinting

The psk_key_exchange_modes extension is part of the TLS Client Hello packet that JA3 analyzes to create a unique fingerprint of your browser or HTTP client.

JA3 Construction: JA3 concatenates TLS parameters including extensions in a specific format:
TLS_VERSION,CIPHERS,EXTENSIONS,CURVES,POINT_FORMATS

Different browsers and HTTP clients support different sets of TLS extensions, making this a key differentiator in fingerprinting. The presence, absence, or order of extensions like psk_key_exchange_modes can reveal:

Browser type and version (Chrome, Firefox, Safari, Edge)
Operating system (Windows, macOS, Linux, Android, iOS)
HTTP library (curl, Python requests, Go http.Client, Node.js)
Bot detection - automated tools often have distinctive extension sets

Test Your TLS Configuration

See if your browser or HTTP client includes the psk_key_exchange_modes extension in its TLS handshake:

Test Your JA3 Fingerprint

The JA3 tool will show all TLS extensions your client advertises, including psk_key_exchange_modes.

Browser & Client Support

Modern Browser Support:

Chrome/Edge: Full support for psk_key_exchange_modes
Firefox: Full support for psk_key_exchange_modes
Safari: Full support for psk_key_exchange_modes

HTTP Client Libraries:

curl: Support varies by OpenSSL/LibreSSL version
Python requests: Limited TLS extension control
curl_cffi: Can mimic browser TLS configurations
Scrapfly API: Automatically matches real browser TLS fingerprints

Related TLS Resources

TLS Extensions

Testing Tools

Technical References

RFC Specification: RFC 8446 - TLS Extensions
IANA Registry: TLS ExtensionType Values
JA3 Project: JA3 - TLS Client Fingerprinting