target = "https://tools.ietf.org/rfc/rfc5746#3.6" # 3.6. Server Behavior: Initial Handshake # # Note that this section and Section 3.7 apply to both full handshakes # and session-resumption handshakes. # # o When a ClientHello is received, the server MUST check if it # includes the TLS_EMPTY_RENEGOTIATION_INFO_SCSV SCSV. If it does, # set the secure_renegotiation flag to TRUE. # # o The server MUST check if the "renegotiation_info" extension is # included in the ClientHello. If the extension is present, set # secure_renegotiation flag to TRUE. The server MUST then verify # that the length of the "renegotiated_connection" field is zero, # and if it is not, MUST abort the handshake. # # o If neither the TLS_EMPTY_RENEGOTIATION_INFO_SCSV SCSV nor the # "renegotiation_info" extension was included, set the # secure_renegotiation flag to FALSE. In this case, some servers # may want to terminate the handshake instead of continuing; see # Section 4.3 for discussion. # # o If the secure_renegotiation flag is set to TRUE, the server MUST # include an empty "renegotiation_info" extension in the ServerHello # message. # # o When the handshake has completed, the server needs to save the # client_verify_data and server_verify_data values for future use. # # TLS servers implementing this specification MUST ignore any unknown # extensions offered by the client and they MUST accept version numbers # higher than their highest version number and negotiate the highest # common version. These two requirements reiterate preexisting # requirements in RFC 5246 and are merely stated here in the interest # of forward compatibility. # # Note that sending a "renegotiation_info" extension in response to a # ClientHello containing only the SCSV is an explicit exception to the # prohibition in RFC 5246, Section 7.4.1.4, on the server sending # unsolicited extensions and is only allowed because the client is # signaling its willingness to receive the extension via the # TLS_EMPTY_RENEGOTIATION_INFO_SCSV SCSV. TLS implementations MUST # continue to comply with Section 7.4.1.4 for all other extensions. [[spec]] level = "MUST" quote = ''' o When a ClientHello is received, the server MUST check if it includes the TLS_EMPTY_RENEGOTIATION_INFO_SCSV SCSV. ''' [[spec]] level = "MUST" quote = ''' o The server MUST check if the "renegotiation_info" extension is included in the ClientHello. ''' [[spec]] level = "MUST" quote = ''' The server MUST then verify that the length of the "renegotiated_connection" field is zero, and if it is not, MUST abort the handshake. ''' [[spec]] level = "MUST" quote = ''' The server MUST then verify that the length of the "renegotiated_connection" field is zero, and if it is not, MUST abort the handshake. ''' [[spec]] level = "MUST" quote = ''' o If the secure_renegotiation flag is set to TRUE, the server MUST include an empty "renegotiation_info" extension in the ServerHello message. ''' [[spec]] level = "MUST" quote = ''' TLS servers implementing this specification MUST ignore any unknown extensions offered by the client and they MUST accept version numbers higher than their highest version number and negotiate the highest common version. ''' [[spec]] level = "MUST" quote = ''' TLS servers implementing this specification MUST ignore any unknown extensions offered by the client and they MUST accept version numbers higher than their highest version number and negotiate the highest common version. ''' [[spec]] level = "MUST" quote = ''' TLS implementations MUST continue to comply with Section 7.4.1.4 for all other extensions. '''