Skip to main content

Module ja4x

Module ja4x 

Source
Available on crate features ja4plus and tls only.
Expand description

JA4X — X.509 certificate fingerprint (FoxIO, 2023).

Computes a per-certificate fingerprint over the issuer and subject Distinguished Name (DN) attribute OIDs plus the certificate extension OIDs:

JA4X = SHA256-hex-12(issuer_oids) _
       SHA256-hex-12(subject_oids) _
       SHA256-hex-12(extension_oids)

Each OID list is the comma-separated dotted-decimal representation in wire order (no sorting — server- emitted ordering is itself a fingerprint signal, mirroring JA4S’s extension-list rationale).

Format: three underscore-joined 12-hex-char SHA-256 prefixes — e.g. a564fbbd9b48_5e2c5a8f4f17_8c0e391b6d8b.

§API

  • ja4x_for_der — compute JA4X for one DER-encoded X.509 certificate. Returns None if DER parsing fails.
  • ja4x_for_chain — compute JA4X for each cert in the chain. Returns one fingerprint per cert; the leaf (index 0 per RFC 5246 §7.4.2) is typically the one consumers want.

§Source

Functions§

ja4x_for_chain
Compute JA4X for each cert in a chain — leaf first per RFC 5246 §7.4.2. Skips certs that fail DER parsing (returns None in their slot).
ja4x_for_der
Compute JA4X for one DER-encoded X.509 certificate. Returns None if DER parsing fails.