The selection (and more importantly, ordering) of ciphersuites suggested in a client hello can help us identify the browser in use.
Maintaining a list of browsers and their ciphersuites would be a big task, so want to avoid.
Instead, better to use http referers (where available) to extract user-agent. Lookup ciphers offered to the referring https domain and suggest as the user agent for all matches for those ciphersuites in that order.
Need to handle duplications gracefully, but would allow identification of use-cases where a different browser is used for something else (e.g firefox for browsing, chrome for porn)
Maybe also introduce a report showing ciphers offered to each domain
Ciperfamilies comma sep list of fqdns
Activity
2015-11-27 13:08:37
2015-11-27 13:08:37