diff --git a/defaults/main/0_hardcoded.yml b/defaults/main/0_hardcoded.yml
index 2ca41ba..0753289 100644
--- a/defaults/main/0_hardcoded.yml
+++ b/defaults/main/0_hardcoded.yml
@@ -52,6 +52,7 @@ HAPROXY_HC:
     acme_script: "https://github.com/dehydrated-io/dehydrated/releases/download/v{{ version_dehydrated }}/dehydrated-{{ version_dehydrated }}.tar.gz"
     ja3n_script: 'https://raw.githubusercontent.com/O-X-L/haproxy-ja3n/latest/ja3n.lua'
     ja4_script: 'https://raw.githubusercontent.com/O-X-L/haproxy-ja4/latest/ja4.lua'
+    sha2_script: 'https://raw.githubusercontent.com/Egor-Skriptunoff/pure_lua_SHA/master/sha2.lua'  # ja4 dependency
 
   valid_geoip_providers: ['ipinfo', 'maxmind']
   user_geoip: 'haproxy-geoip'
diff --git a/tasks/debian/install.yml b/tasks/debian/install.yml
index 24a0821..0476720 100644
--- a/tasks/debian/install.yml
+++ b/tasks/debian/install.yml
@@ -98,7 +98,7 @@
     name: 'haproxy.service'
     enabled: true
 
-- name: HAProxy | Install | Download SSL-Fingerprint plugin (JA3N)
+- name: HAProxy | Install | Download SSL-Fingerprint LUA-plugin (JA3N)
   ansible.builtin.get_url:
     url: "{{ HAPROXY_HC.url.ja3n_script }}"
     dest: "{{ HAPROXY_HC.path.lua }}/ja3n.lua"
@@ -107,7 +107,7 @@
     mode: 0750
   tags: lua
 
-- name: HAProxy | Install | Download SSL-Fingerprint plugin (JA4)
+- name: HAProxy | Install | Download SSL-Fingerprint LUA-plugin (JA4)
   ansible.builtin.get_url:
     url: "{{ HAPROXY_HC.url.ja4_script }}"
     dest: "{{ HAPROXY_HC.path.lua }}/ja4.lua"
@@ -116,4 +116,13 @@
     mode: 0750
   tags: lua
 
+- name: HAProxy | Install | Download SHA2 LUA-library (JA4 dependency)
+  ansible.builtin.get_url:
+    url: "{{ HAPROXY_HC.url.sha2_script }}"
+    dest: "{{ HAPROXY_HC.path.lua }}/sha2.lua"
+    owner: 'root'
+    group: 'haproxy'
+    mode: 0750
+  tags: lua
+
 # todo: opt-in for JA4-DB lookups + map update service (https://github.com/O-X-L/haproxy-ja4)