Akamai tracked TLS fingerprints growing from 18,652 distinct signatures in August 2018 to billions today. That original count represented 0.00000159% of theoretical possibilities. Now? The fingerprint space has essentially become infinite as attackers continuously mutate SSL/TLS client behavior.
About 82% of malicious traffic runs over secure connections. Bot detection can't rely on TLS fingerprints alone anymore. Perfect mimicry of legitimate handshakes still fails when headless Chrome flags appear, when User-Agent strings don't match declared browsers, when canvas fingerprints show automation artifacts. The defense moved to multi-signal correlation: TLS data plus browser signals plus behavioral patterns. Static fingerprint blocking became obsolete years ago.