[hzwanip]

How would you (an arbitrary web server) fingerprint a TLS connection if the Client Hello is encrypted?

[conradludgate]

The website owner (or cloudflare in this case) has the keys to decrypt the client hello. That's necessary for routing information.

[hzwanip]

You're right, sorry! I got confused myself.

[szmarczak]

By decrypting it? I don't think you know how TLS, or E2E works in general. ISP doesn't perform the fingerprinting, the server does.

[hzwanip]

Of course! My bad, thanks for engaging.