Abstract: A method and system for permitting data traffic over a network comprises receiving a transport layer security handshake data packet from a client over a network; extracting data from the packet; hashing/fingerprinting the extracted data; comparing the hashed data to a list of hashes of applications that are authorised and/or not authorised on the network. In one embodiment the list is determined according to an identity of the client.