TLS is used to encrypt communication for privacy and security. HTTP uses TLS in HTTPS as do most command and controls frameworks.To initiate a TLS session, a client will send a TLS Client Hello packet after the TCP 3-way handshake. This packet and the way in which it is generated is dependent on the client application. The server will respond with a TLS Server Hello packet that is formulated based on server-side libraries, configurations, and the Client Hello. Because TLS negotiations are transmitted in the clear, it’s possible to fingerprint and identify client applications.