How would you (an arbitrary web server) fingerprint a TLS connection if the Client Hello is encrypted?
replyThe website owner (or cloudflare in this case) has the keys to decrypt the client hello. That's necessary for routing information.
replyYou're right, sorry! I got confused myself.
replyBy decrypting it? I don't think you know how TLS, or E2E works in general. ISP doesn't perform the fingerprinting, the server does.
replyOf course! My bad, thanks for engaging.
reply