> The default TLS Client Hello has been modified. If your app or website communicates with servers configured with strict bot-detection or security policies that only allow traffic with known TLS fingerprints, then users might be unable to login or perform other actions.
Wonder if that's what they do on their own services? Seems a little odd they'd have an outage a few days before release and then this shows up in their release notes.
GREASE already randomizes the handshake to an extent, and I think whatever TLS stack chrome uses also shuffles the cipher order. In response newer TLS fingerprinting algorithms (ja4?) sort the cipher list first to mitigate this.
> The default TLS Client Hello has been modified. If your app or website communicates with servers configured with strict bot-detection or security policies that only allow traffic with known TLS fingerprints, then users might be unable to login or perform other actions.
Wonder if that's what they do on their own services? Seems a little odd they'd have an outage a few days before release and then this shows up in their release notes.
This has been in the developer release notes since the first 26.2 beta so I doubt it’s related.
I hope they randomize it in the future like they do it for mac addresses.
GREASE already randomizes the handshake to an extent, and I think whatever TLS stack chrome uses also shuffles the cipher order. In response newer TLS fingerprinting algorithms (ja4?) sort the cipher list first to mitigate this.
Related: their latest version of Xcode 26.2 isn't allowing app submissions to appstoreconnect:
https://developer.apple.com/forums/thread/810115
Hope they fix this quick as Dec 19th onwards, they are on vacation.
They don’t do the shutdown anymore if it’s any consolation, but they do slow down approvals.