Available on crate features
ja4plus and tls only.Expand description
JA4X — X.509 certificate fingerprint (FoxIO, 2023).
Computes a per-certificate fingerprint over the issuer and subject Distinguished Name (DN) attribute OIDs plus the certificate extension OIDs:
JA4X = SHA256-hex-12(issuer_oids) _
SHA256-hex-12(subject_oids) _
SHA256-hex-12(extension_oids)Each OID list is the comma-separated dotted-decimal representation in wire order (no sorting — server- emitted ordering is itself a fingerprint signal, mirroring JA4S’s extension-list rationale).
Format: three underscore-joined 12-hex-char SHA-256
prefixes — e.g.
a564fbbd9b48_5e2c5a8f4f17_8c0e391b6d8b.
§API
ja4x_for_der— compute JA4X for one DER-encoded X.509 certificate. ReturnsNoneif DER parsing fails.ja4x_for_chain— compute JA4X for each cert in the chain. Returns one fingerprint per cert; the leaf (index 0 per RFC 5246 §7.4.2) is typically the one consumers want.
§Source
Functions§
- ja4x_
for_ chain - Compute JA4X for each cert in a chain — leaf first per
RFC 5246 §7.4.2. Skips certs that fail DER parsing
(returns
Nonein their slot). - ja4x_
for_ der - Compute JA4X for one DER-encoded X.509 certificate.
Returns
Noneif DER parsing fails.