Recently I have been testing a new tool created by the people at Salesforce. The tool is called JARM and what it does is query TLS instances (HTTPS servers and services) to create a fingerprint of their TLS configuration. Much like analyzing the nuances of network traffic can be used to fingerprint the operating system and version of a server, JARM fingerprints TLS instances to create a fingerprint which can be used to compare one TLS service to another.
Article Link: https://isc.sans.edu/diary/rss/26832