| Scrapfly

Extension Details

Extension Name

supported_groups

Extension Code (Decimal)

10

Extension Code (Hex)

0x000A

RFC Reference

RFC 8422, RFC 8446

What is supported_groups?

The Supported Groups extension (formerly called Elliptic Curves) indicates which elliptic curve groups the client supports for key exchange. Modern TLS 1.3 uses ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) for perfect forward secrecy. Common groups include x25519 (Curve25519), secp256r1 (P-256), secp384r1 (P-384), and secp521r1 (P-521). x25519 is preferred for its security and performance. The order of groups in this extension indicates client preference. This extension is critical for JA3 fingerprinting as different clients support different curve sets.

Role in JA3 Fingerprinting

How This Extension Affects Fingerprinting

The supported_groups extension is part of the TLS Client Hello packet that JA3 analyzes to create a unique fingerprint of your browser or HTTP client.

JA3 Construction: JA3 concatenates TLS parameters including extensions in a specific format:
TLS_VERSION,CIPHERS,EXTENSIONS,CURVES,POINT_FORMATS

Different browsers and HTTP clients support different sets of TLS extensions, making this a key differentiator in fingerprinting. The presence, absence, or order of extensions like supported_groups can reveal:

Browser type and version (Chrome, Firefox, Safari, Edge)
Operating system (Windows, macOS, Linux, Android, iOS)
HTTP library (curl, Python requests, Go http.Client, Node.js)
Bot detection - automated tools often have distinctive extension sets

Test Your TLS Configuration

See if your browser or HTTP client includes the supported_groups extension in its TLS handshake:

Test Your JA3 Fingerprint

The JA3 tool will show all TLS extensions your client advertises, including supported_groups.

Browser & Client Support

Modern Browser Support:

Chrome/Edge: Full support for supported_groups
Firefox: Full support for supported_groups
Safari: Full support for supported_groups

HTTP Client Libraries:

curl: Support varies by OpenSSL/LibreSSL version
Python requests: Limited TLS extension control
curl_cffi: Can mimic browser TLS configurations
Scrapfly API: Automatically matches real browser TLS fingerprints

Related TLS Resources

TLS Extensions

Testing Tools

Technical References

RFC Specification: RFC 8422, RFC 8446 - TLS Extensions
IANA Registry: TLS ExtensionType Values
JA3 Project: JA3 - TLS Client Fingerprinting