[komuW]

> That requires client-side SSL authentication,

I do not think it requires client side SSL. See: https://engineering.salesforce.com/tls-fingerprinting-with-j...

What is been fingerprinted is the TLS negotiation between client and server.

[mschuster91]

That fingerprints a piece of software (and, if SSL library versions or configurations change, the version), but not a specific client. It's virtually worthless as a security measure if the endpoint is a common browser.