pub fn chrome_tls_args(profile: &TlsProfile) -> Vec<String>Expand description
Return Chrome launch flags that constrain TLS behaviour to approximate this profile’s protocol-version range.
§What flags control
| Flag | Effect |
|---|---|
--ssl-version-max | Cap the highest advertised TLS version |
--ssl-version-min | Raise the lowest advertised TLS version |
§What flags cannot control
Chrome’s TLS stack (BoringSSL) hard-codes the following in its compiled binary:
- Cipher-suite ordering — set by
ssl_cipher_apply_ruleat build time. - Extension ordering — emitted in a fixed order by
BoringSSL. - Supported-group ordering — set at build time.
For precise JA3/JA4 matching, a patched Chromium build or an external TLS
proxy (see to_rustls_config) is required.
§When to use each approach
| Detection layer | Handled by |
|---|---|
| JavaScript leaks | CDP stealth scripts (see stealth) |
| CDP signals | CdpFixMode |
| TLS fingerprint | Flags (this fn) — version only; full control needs rustls or patched Chrome |