Fingerprinting something like this would be trivial, they've probably already done it. Using the ja3 library [1] you can make pretty good deterministic TLS connection fingerprints, and that works fine for traffic that you can't decrypt. IDS/IPS software has used similar methods to identify and block encrypted traffic for some time now.
[1] https://github.com/salesforce/ja3