TLS Fingerprinting - a method for identifying a TLS client without decrypting
Hello, Kevin Stewart here. A while back someone asked an interesting question in the DevCentral forum about selecting a client SSL profile based on the device (ex. iOS, Android, Windows Phone). Norma...
Published Dec 30, 2016
Version 1.0
Kevin_Stewart
Employee
Joined March 16, 2006
Jason_Adams
Jan 03, 2017
Employee
Thank you for writing this article. I have a couple of critiques, and a couple fingerprints to add to your list as well.
The caller iRule should have 'clientip' and 'serverip' arguments sent to Library-Rule.
With the assumption you wanted to log 'serverip' as the Virtual Server address, this is what the line should look like:
set fingerprint [call Library-Rule::fingerprintTLS [TCP::payload] ${rlen} ${outer_sslver} ${inner_sslver} [IP::client_addr] [IP::local_addr]]
Also, the 4th 'Additional Ciphers' string contains a double-quote in the middle of the string, causing copy-paste of your additional ciphers to fail with a syntax error.
Should be:
"0301+0303+0094+C030C02CC032C02EC02FC02BC031C02D00A500A300A1009F00A400A200A0009EC028C024C014C00AC02AC026C00FC005006B006A006900680039003800370036C027C023C013C009C029C025C00EC00400670040003F003E0033003200310030C012C008C00DC00300880087008600850045004400430042001600130010000D009D009C003D0035003C002F00840041000A00FF+1+00+000B000A0023000D0015+00170019001C001B0018001A0016000E000D000B000C0009000A+060106020603050105020503040104020403030103020303020102020203+000102" := "Dropbox",
And here are two more to add to your 'Additional Ciphers' list:
"0303+0303+0038+C02CC02BC030C02F009F009EC024C023C028C027C00AC009C014C01300390033009D009C003D003C0035002F000A006A0040003800320013+1+00+0005000A000B000D0023001000175500FF01+001D00170018+040105010201040305030203020206010603+00" := "Internet Explorer 11.447.14393.0(Win 10)",
"0301+0303+0022+C02BC02FC02CC030CCA9CCA8CC14CC13C009C013C00AC014009C009D002F0035000A+1+00+FF0100170023000D0005001200107550000B000A+001D00170018+06010603050105030401040302010203+00" := "Chrome 55.0.2883.87",
This is a great exercise. I don't doubt this will be useful in the future.
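A pre-paste check for entries in the format quoted in the comment above, as an added example that is not part of the original article or its comments. The field names are assumptions inferred from the three quoted entries, in which the third field equals the byte length of the cipher list in the fourth; the function and variable names are hypothetical.

```python
import re

# Field layout inferred from the entries quoted in the comment above; the
# names are assumptions (the article body that defines them is not on this page).
FIELDS = ("record_ver", "hello_ver", "cipher_len", "ciphers", "comp_count",
          "comp_methods", "extensions", "curves", "sig_algs", "ec_formats")
TWO_BYTE_LISTS = ("ciphers", "extensions", "curves", "sig_algs")
ENTRY = re.compile(r'^"([^"]*)"\s*:=\s*"([^"]*)",?$')

def lint_entry(line):
    """Return a list of problems in one '"fingerprint" := "label",' line."""
    line = line.strip()
    quotes = line.count('"')
    if quotes != 4:  # a quote inside the string breaks the Tcl syntax
        return [f"expected 4 double quotes, found {quotes}"]
    m = ENTRY.match(line)
    if not m:
        return ['not of the form "<fingerprint>" := "<label>",']
    parts = m.group(1).split("+")
    if len(parts) != len(FIELDS):
        return [f"expected {len(FIELDS)} '+'-separated fields, found {len(parts)}"]
    f = dict(zip(FIELDS, parts))
    problems = [f"{k}: non-hex characters" for k, v in f.items()
                if re.search(r"[^0-9A-Fa-f]", v)]
    if problems:
        return problems
    for k in TWO_BYTE_LISTS:  # each item in these lists is 2 bytes (4 hex digits)
        if len(f[k]) % 4:
            problems.append(f"{k}: length is not a multiple of 4 hex digits")
    if len(f["cipher_len"]) != 4:
        problems.append("cipher_len: expected 4 hex digits")
    elif int(f["cipher_len"], 16) * 2 != len(f["ciphers"]):
        problems.append("cipher_len does not match the cipher list length")
    return problems

# Sample input: the Chrome entry exactly as posted in the comment above.
GOOD = ('"0301+0303+0022+C02BC02FC02CC030CCA9CCA8CC14CC13C009C013C00AC014'
        '009C009D002F0035000A+1+00+FF0100170023000D0005001200107550000B000A'
        '+001D00170018+06010603050105030401040302010203+00" := "Chrome 55.0.2883.87",')
# Constructed defects: a stray quote inside the string, and one cipher dropped.
STRAY_QUOTE = GOOD[:30] + '"' + GOOD[30:]
SHORT_LIST = GOOD.replace("C02BC02F", "C02B", 1)

if __name__ == "__main__":
    for name, entry in [("good", GOOD), ("stray quote", STRAY_QUOTE),
                        ("short list", SHORT_LIST)]:
        print(name, "->", lint_entry(entry) or "ok")
```

An entry that has lost or gained characters in the cipher list would never match a live client, so the length check catches copy errors that the quote check alone would miss.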