target = "https://tools.ietf.org/rfc/rfc5746#3.4"

# 3.4.  Client Behavior: Initial Handshake
#
# Note that this section and Section 3.5 apply to both full handshakes
# and session resumption handshakes.
# 
# o  The client MUST include either an empty "renegotiation_info"
#    extension, or the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signaling
#    cipher suite value in the ClientHello.  Including both is NOT
#    RECOMMENDED.
# 
# o  When a ServerHello is received, the client MUST check if it
#    includes the "renegotiation_info" extension:
# 
#    *  If the extension is not present, the server does not support
#       secure renegotiation; set secure_renegotiation flag to FALSE.
#       In this case, some clients may want to terminate the handshake
#       instead of continuing; see Section 4.1 for discussion.
# 
#    *  If the extension is present, set the secure_renegotiation flag
#       to TRUE.  The client MUST then verify that the length of the
#       "renegotiated_connection" field is zero, and if it is not, MUST
#       abort the handshake (by sending a fatal handshake_failure
#       alert).
# 
#       Note: later in Section 3, "abort the handshake" is used as
#       shorthand for "send a fatal handshake_failure alert and
#       terminate the connection".
# 
# o  When the handshake has completed, the client needs to save the
#    client_verify_data and server_verify_data values for future use.

[[spec]]
level = "MUST"
quote = '''
o  The client MUST include either an empty "renegotiation_info"
extension, or the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signaling
cipher suite value in the ClientHello.
'''

[[spec]]
level = "SHOULD"
quote = '''
Including both is NOT
RECOMMENDED.
'''

[[spec]]
level = "MUST"
quote = '''
o  When a ServerHello is received, the client MUST check if it
includes the "renegotiation_info" extension:
'''

[[spec]]
level = "MUST"
quote = '''
The client MUST then verify that the length of the
"renegotiated_connection" field is zero, and if it is not, MUST
abort the handshake (by sending a fatal handshake_failure
alert).
'''

[[spec]]
level = "MUST"
quote = '''
The client MUST then verify that the length of the
"renegotiated_connection" field is zero, and if it is not, MUST
abort the handshake (by sending a fatal handshake_failure
alert).
'''