Suricata

Comment: I'm not sure where the correct place to start is but would
like to request a feature. Bro and Moloch are adopting a JA3 TLS/SSL
client fingerprinting technique. I'd like to know if we can get Suricata
to build the capability also. Will make for a great method to share a
new IOC. It's a bit early but seems to be working well.

Here's the public information from Salesforce's Github repo.

https://github.com/salesforce/ja3/

JA3 - A new way to profile SSL Clients

JA3 is a new technique for creating SSL client fingerprints that are
easy to produce and can be easily shared for threat intelligence.