| Scrapfly

Extension Details

Extension Name

signature_algorithms

Extension Code (Decimal)

13

Extension Code (Hex)

0x000D

RFC Reference

RFC 8446

What is signature_algorithms?

The Signature Algorithms extension indicates which signature algorithms the client supports for verifying digital signatures in certificates and TLS handshake messages. Common algorithms include RSA-PSS-RSAE-SHA256, ECDSA-secp256r1-SHA256, RSA-PKCS1-SHA256, and ed25519. TLS 1.3 requires this extension and deprecates older algorithms like SHA-1 and MD5 for security reasons. The order indicates client preference. Modern browsers prefer RSA-PSS and ECDSA over older RSA-PKCS1. This extension is crucial for certificate validation and forward security.

Role in JA3 Fingerprinting

How This Extension Affects Fingerprinting

The signature_algorithms extension is part of the TLS Client Hello packet that JA3 analyzes to create a unique fingerprint of your browser or HTTP client.

JA3 Construction: JA3 concatenates TLS parameters including extensions in a specific format:
TLS_VERSION,CIPHERS,EXTENSIONS,CURVES,POINT_FORMATS

Different browsers and HTTP clients support different sets of TLS extensions, making this a key differentiator in fingerprinting. The presence, absence, or order of extensions like signature_algorithms can reveal:

Browser type and version (Chrome, Firefox, Safari, Edge)
Operating system (Windows, macOS, Linux, Android, iOS)
HTTP library (curl, Python requests, Go http.Client, Node.js)
Bot detection - automated tools often have distinctive extension sets

Test Your TLS Configuration

See if your browser or HTTP client includes the signature_algorithms extension in its TLS handshake:

Test Your JA3 Fingerprint

The JA3 tool will show all TLS extensions your client advertises, including signature_algorithms.

Browser & Client Support

Modern Browser Support:

Chrome/Edge: Full support for signature_algorithms
Firefox: Full support for signature_algorithms
Safari: Full support for signature_algorithms

HTTP Client Libraries:

curl: Support varies by OpenSSL/LibreSSL version
Python requests: Limited TLS extension control
curl_cffi: Can mimic browser TLS configurations
Scrapfly API: Automatically matches real browser TLS fingerprints

Related TLS Resources

TLS Extensions

Testing Tools

Technical References

RFC Specification: RFC 8446 - TLS Extensions
IANA Registry: TLS ExtensionType Values
JA3 Project: JA3 - TLS Client Fingerprinting