there was some time ago an discussion about client fingerprinting. I implement an SSL-Client (https://suche.org/sslClientInfo) Info with details per protocol.
What is interesting
a) That the order of the suites deffer
b) Some clients even send GCM suites in Protocol's less than TLSv12 while other does not.
c) ApplicationLayerProtocolNegotiation is also protocol depended.
Does Anyone have good suggestions for more Infos?