diff --git a/roles/tfe/files/tfe-4.3.28.ce28c42-1.el7.x86_64.rpm b/roles/tfe/files/tfe-4.3.28.ce28c42-1.el7.x86_64.rpm
new file mode 100644
index 0000000..a200eea
Binary files /dev/null and b/roles/tfe/files/tfe-4.3.28.ce28c42-1.el7.x86_64.rpm differ
diff --git a/roles/tfe/tasks/main.yml b/roles/tfe/tasks/main.yml
index 71a4ad7..99eb42a 100644
--- a/roles/tfe/tasks/main.yml
+++ b/roles/tfe/tasks/main.yml
@@ -14,7 +14,7 @@
   yum:
     name:
       - /tmp/ansible_deploy/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm
-      - /tmp/ansible_deploy/tfe-4.3.26.17bbb54-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tfe-4.3.28.ce28c42-1.el7.x86_64.rpm
     state: present
 
 - name: "template tfe-env config"
diff --git a/roles/tfe/templates/tfe.conf.j2 b/roles/tfe/templates/tfe.conf.j2
index 1c3cbe3..e933def 100644
--- a/roles/tfe/templates/tfe.conf.j2
+++ b/roles/tfe/templates/tfe.conf.j2
@@ -36,6 +36,7 @@ watchdog_port=2476
 
 [ssl]
 ssl_ja3_debug=0
+ssl_ja3_table=PXY_SSL_FINGERPRINT
 # ssl version Not available, configured via TSG website
 # ssl_max_version=tls13
 # ssl_min_version=ssl3
@@ -63,7 +64,6 @@ service_cache_slots=4194304
 service_cache_expire_seconds=300
 service_cache_fail_as_pinning_cnt=4
 service_cache_fail_as_proto_err_cnt=5
-service_cache_succ_as_app_not_pinning_cnt=0
 service_cache_fail_time_window=30
 
 # cert