An efficient identification method for TLS upper-layer services based on protocol stack optimization
CSTR:
Author:
Affiliation:

1. College of Electronic Engineering, National University of Defense Technology, Hefei 230037, China; 2. Anhui Province Key Laboratory of Cyberspace Security Situation Awareness and Evaluation, Hefei 230037, China

Author biography:

Chen Chiyu, male, born in 1996, master's student; research interest: network security situation awareness. E-mail: chenchiyu14@nudt.edu.cn

Corresponding author:

CLC number:

TP393

Fund project:

Abstract:

Application-layer probing to identify the services running on top of transport layer security (TLS) is an important means of understanding the configuration and security of Internet services. Current application-layer scanners rely on the default network protocol stack. Its transmission control protocol (TCP) implementation is designed for general-purpose use and can therefore collect TLS upper-layer service information only at a limited rate, while its TLS implementation, built on software libraries with modern security configurations, is incompatible with some target servers. To address the limited efficiency and coverage of current application-layer scanners in identifying TLS upper-layer services, this paper approaches the problem from the perspective of protocol stack optimization. First, a hybrid state model for the TCP protocol stack is proposed: by introducing a stateless working mode and optimizing the stateful working mode, it reduces unnecessary state maintenance and state transitions in the protocol stack and thereby improves the efficiency of application-layer probing. Second, a relaxed configuration strategy for the TLS protocol stack is proposed, which establishes TLS sessions with a broader range of servers through maximum version and configuration compatibility. Finally, the model and the configuration strategy are implemented as a user-space protocol stack in the asynchronous application-layer scanner TLSnap, which exposes customizable interfaces in the form of extensible modules to support a variety of TLS upper-layer service identification tasks. Experimental results show that, on ordinary hardware, TLSnap identifies TLS upper-layer services on large-scale port ranges more than 3.5 times faster than current state-of-the-art methods and identifies 9% more services on average, effectively improving both the efficiency and the comprehensiveness of TLS upper-layer service identification.
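The abstract attributes part of TLSnap's extra coverage to a relaxed TLS configuration that negotiates with servers a modern default client cannot reach. The following is an added illustrative model, not code from the paper or from TLSnap: it reduces TLS negotiation to two rules (highest common protocol version, server-preference cipher selection constrained by which suites a version allows) and compares how many constructed server profiles a modern default client and a relaxed client can complete a handshake with. The version constants, suite names, `Peer` type and server profiles are assumptions made for this example.

```python
# Added example: a simplified model of TLS version and cipher-suite
# negotiation, used to show why a relaxed client configuration reaches more
# servers than a modern default one. Everything here is constructed for
# illustration and abstracts away the real handshake.
from dataclasses import dataclass

# Protocol version codes as they appear on the wire (TLS 1.0 .. TLS 1.3).
TLS10, TLS11, TLS12, TLS13 = 0x0301, 0x0302, 0x0303, 0x0304

# Assumption for this model: these suites exist only in TLS 1.3; every other
# suite named below applies only to TLS 1.0 through 1.2.
TLS13_ONLY = frozenset({"TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256"})


@dataclass(frozen=True)
class Peer:
    name: str
    versions: frozenset  # protocol versions the peer is willing to speak
    ciphers: tuple       # suites in the peer's own preference order


def usable(suite, version):
    """A suite fits either TLS 1.3 or the TLS 1.0-1.2 family, never both."""
    return (suite in TLS13_ONLY) == (version == TLS13)


def negotiate(client, server):
    """Return the (version, suite) pair the two peers would agree on, or None.

    Highest common version is tried first; the server picks the first suite in
    its own preference list that the client also offers and that fits the
    version. If no suite fits, negotiation falls back to the next version.
    """
    for version in sorted(client.versions & server.versions, reverse=True):
        for suite in server.ciphers:
            if suite in client.ciphers and usable(suite, version):
                return version, suite
    return None


def coverage(client, servers):
    """Names of the servers this client configuration can establish a session with."""
    return [s.name for s in servers if negotiate(client, s) is not None]


# A client with a modern default configuration: TLS 1.2+ and AEAD suites only.
MODERN = Peer(
    "modern-default",
    frozenset({TLS12, TLS13}),
    ("TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256",
     "ECDHE-RSA-AES128-GCM-SHA256"),
)

# A relaxed measurement client: every version and the legacy suites as well.
RELAXED = Peer(
    "relaxed",
    frozenset({TLS10, TLS11, TLS12, TLS13}),
    MODERN.ciphers + ("AES128-SHA", "DES-CBC3-SHA"),
)

# Constructed server profiles standing in for the variety seen on the Internet.
SERVERS = [
    Peer("up-to-date", frozenset({TLS12, TLS13}),
         ("TLS_AES_128_GCM_SHA256", "ECDHE-RSA-AES128-GCM-SHA256")),
    Peer("tls13-only", frozenset({TLS13}), ("TLS_CHACHA20_POLY1305_SHA256",)),
    Peer("legacy-1.0", frozenset({TLS10}), ("AES128-SHA",)),
    Peer("tls12-3des", frozenset({TLS12}), ("DES-CBC3-SHA",)),
]


if __name__ == "__main__":
    for client in (MODERN, RELAXED):
        print(f"{client.name}: reaches {len(coverage(client, SERVERS))}/{len(SERVERS)} servers")
        for server in SERVERS:
            print(f"  {server.name:12s} -> {negotiate(client, server)}")
```

In this model the modern client completes a handshake with two of the four profiles, while the relaxed client completes all four, which is the mechanism behind the abstract's higher identification count. The trade-off is the usual one: a client that offers TLS 1.0 and 3DES is appropriate for a measurement tool that sends no sensitive data and only records what the server accepts, not for a general-purpose client, and the identification results should record the negotiated version and suite so that weak server configurations are visible in the data rather than silently tolerated.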

Cite this article:

Chen Chiyu, Lu Yuliang, Yang Guozheng, et al. An efficient identification method for TLS upper-layer services based on protocol stack optimization [J]. 信息对抗技术, 2025, 4(1): 82-94.

History:
  • Received: 2024-09-02
  • Published online: 2025-01-20