TLS Extensions Database
Complete reference of 21 IANA-registered TLS extensions
About TLS Extensions
TLS extensions are optional features that clients and servers can negotiate during the TLS handshake. They extend the core TLS protocol to support additional capabilities like Server Name Indication (SNI), Application-Layer Protocol Negotiation (ALPN), and more.
In JA3 fingerprinting, the set of TLS extensions advertised by a client is a key component of the fingerprint. Different browsers and HTTP libraries support different extensions, making this a reliable way to identify and differentiate clients.
JA3 Format: TLS_VERSION,CIPHERS,EXTENSIONS,CURVES,POINT_FORMATS
Search TLS Extensions
Try searching for: "server_name", "SNI", "0x0000", "23", "ALPN", or "grease"
All TLS Extensions (21)
| Extension Name | Code (Dec) | Code (Hex) | Description | RFC |
|---|---|---|---|---|
server_name
|
0 |
0x0000 |
Server Name Indication (SNI) extension allows the client to indicate which hostname it is attempting... | RFC |
max_fragment_length
|
1 |
0x0001 |
The Maximum Fragment Length extension allows clients with limited buffer sizes to negotiate a smalle... | RFC |
status_request
|
5 |
0x0005 |
The Certificate Status Request extension, also known as OCSP Stapling, allows the client to request ... | RFC |
supported_groups
|
10 |
0x000A |
The Supported Groups extension (formerly called Elliptic Curves) indicates which elliptic curve grou... | RFC |
ec_point_formats
|
11 |
0x000B |
The EC Point Formats extension specifies which elliptic curve point formats the client can parse. Th... | RFC |
signature_algorithms
|
13 |
0x000D |
The Signature Algorithms extension indicates which signature algorithms the client supports for veri... | RFC |
application_layer_protocol_negotiation
|
16 |
0x0010 |
ALPN (Application-Layer Protocol Negotiation) allows the client and server to negotiate which applic... | RFC |
signed_certificate_timestamp
|
18 |
0x0012 |
The Signed Certificate Timestamp (SCT) extension enables Certificate Transparency by allowing client... | RFC |
extended_master_secret
|
23 |
0x0017 |
The Extended Master Secret extension addresses the "Triple Handshake Attack" vulnerability in TLS 1.... | RFC |
compress_certificate
|
27 |
0x001B |
The Compress Certificate extension allows TLS certificate chains to be compressed using algorithms l... | RFC |
record_size_limit
|
28 |
0x001C |
The Record Size Limit extension allows clients and servers to negotiate the maximum size of TLS reco... | RFC |
session_ticket
|
35 |
0x0023 |
The Session Ticket extension enables stateless TLS session resumption. Instead of the server maintai... | RFC |
pre_shared_key
|
41 |
0x0029 |
The Pre-Shared Key (PSK) extension in TLS 1.3 enables fast session resumption and 0-RTT (Zero Round-... | RFC |
early_data
|
42 |
0x002A |
The Early Data extension (also known as 0-RTT) allows clients to send application data in the first ... | RFC |
supported_versions
|
43 |
0x002B |
The Supported Versions extension allows clients to indicate which TLS versions they support. In TLS ... | RFC |
cookie
|
44 |
0x002C |
The Cookie extension in TLS 1.3 is used for stateless handshake retries when the server is under loa... | RFC |
certificate_authorities
|
47 |
0x002F |
The Certificate Authorities extension allows clients to indicate which certificate authorities (CAs)... | RFC |
key_share
|
51 |
0x0033 |
The Key Share extension in TLS 1.3 contains the client's cryptographic key exchange parameters for (... | RFC |
psk_key_exchange_modes
|
45 |
0x002D |
The PSK Key Exchange Modes extension specifies which modes the client supports when using PSK (Pre-S... | RFC |
renegotiation_info
|
65281 |
0xFF01 |
The Renegotiation Info extension prevents the TLS renegotiation attack discovered in 2009. Without t... | RFC |
padding
|
21 |
0x0015 |
The Padding extension allows clients to pad the Client Hello message to a desired size. This is used... | RFC |