secp256r1
ECDHE | Security: 128 bits | Code: 23
Group Details
secp256r1230x0017What is secp256r1?
secp256r1 (also known as P-256 or prime256v1) is a widely supported NIST elliptic curve providing 128-bit security. It is the most common fallback when X25519 is not supported. secp256r1 is defined in FIPS 186-4 and is approved for government use. However, concerns exist about potential NSA influence in NIST curve selection (though no vulnerabilities have been found). Performance is slower than X25519 due to more complex arithmetic. Despite this, secp256r1 has excellent hardware support and is implemented in most TLS libraries. It remains the standard enterprise choice.
Role in JA3 Fingerprinting
The secp256r1 group is used for ECDHE key exchange in TLS, providing perfect forward secrecy. Different browsers and HTTP clients advertise different supported groups, making this a key component of JA3 fingerprints.
Fingerprinting Impact: The order and selection of supported groups reveals browser type, version, and security preferences.