Skip to content

Enable TLS Fingerprinting configuration (JA3/JA4) #7372

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
WUMUXIAN wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Enable TLS Fingerprinting configuration (JA3/JA4) #7372

WUMUXIAN wants to merge 2 commits into from

Conversation

@WUMUXIAN
Copy link

@WUMUXIAN WUMUXIAN commented Jan 13, 2026
edited
Loading

internal/(envoy): Make it possible to enable TLS fingerprinting in Envoy's TLS Inspector Listener filter, useful for security monitoring, analytics, and bot detection. Provides independent control over JA3 and JA4 fingerprinting methods.

enableJA3Fingerprinting: Enable JA3 fingerprinting (requires Envoy 1.21.0+)
enableJA4Fingerprinting: Enable JA4 fingerprinting (requires Envoy 1.35.0+)
Both settings default to false.

Updates #7307
Release note: release-note/minor

Signed-off-by: Muxian Wu [email protected]

@WUMUXIAN WUMUXIAN requested a review from a team as a code owner January 13, 2026 14:30
@WUMUXIAN WUMUXIAN requested review from sunjayBhatia and tsaarni and removed request for a team January 13, 2026 14:30
@sunjayBhatia sunjayBhatia requested review from a team, clayton-gonsalves and rajatvig and removed request for a team January 13, 2026 14:30
@github-actions
Copy link

github-actions bot commented Jan 13, 2026

Hi @WUMUXIAN! Welcome to our community and thank you for opening your first Pull Request. Someone will review it soon. Thank you for committing to making Contour better. You can also join us on our mailing list and in our channel in the Kubernetes Slack Workspace

@codecov
Copy link

codecov bot commented Jan 13, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 52.63158% with 9 lines in your changes missing coverage. Please review.
✅ Project coverage is 80.72%. Comparing base (00812a4) to head (76feef1).
⚠️ Report is 5 commits behind head on main.

Files with missing lines Patch % Lines
internal/envoy/v3/listener.go 28.57% 2 Missing and 3 partials ⚠️
cmd/contour/serve.go 0.00% 2 Missing ⚠️
pkg/config/parameters.go 0.00% 2 Missing ⚠️
Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #7372      +/-   ##
==========================================
- Coverage   81.85%   80.72%   -1.13%     
==========================================
  Files         130      130              
  Lines       15747    15792      +45     
==========================================
- Hits        12889    12748     -141     
- Misses       2574     2614      +40     
- Partials      284      430     +146
Files with missing lines Coverage Δ
cmd/contour/servecontext.go 86.44% <100.00%> (-0.19%) ⬇️
internal/xdscache/v3/listener.go 76.45% <100.00%> (-15.48%) ⬇️
cmd/contour/serve.go 22.01% <0.00%> (-1.60%) ⬇️
pkg/config/parameters.go 72.56% <0.00%> (-14.55%) ⬇️
internal/envoy/v3/listener.go 83.57% <28.57%> (-14.60%) ⬇️
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@WUMUXIAN
Copy link
Author

WUMUXIAN commented Jan 15, 2026

hi @tsaarni , @sunjayBhatia can you review this? thank you

@WUMUXIAN WUMUXIAN force-pushed the add_ja3_ja4_config_support branch from ce51f73 to 8d38ebc Compare January 21, 2026 10:09
@WUMUXIAN
add changelog file
76feef1 
Signed-off-by: Muxian Wu <[email protected]>
@tsaarni tsaarni added the release-note/minor A minor change that needs about a paragraph of explanation in the release notes. label Jan 21, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tsaarni tsaarni Awaiting requested review from tsaarni tsaarni is a code owner automatically assigned from projectcontour/maintainers

@sunjayBhatia sunjayBhatia Awaiting requested review from sunjayBhatia sunjayBhatia is a code owner automatically assigned from projectcontour/maintainers

@rajatvig rajatvig Awaiting requested review from rajatvig rajatvig was automatically assigned from projectcontour/contour-reviewers

@clayton-gonsalves clayton-gonsalves Awaiting requested review from clayton-gonsalves clayton-gonsalves was automatically assigned from projectcontour/contour-reviewers

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

release-note/minor A minor change that needs about a paragraph of explanation in the release notes.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@WUMUXIAN @tsaarni