target = "https://tools.ietf.org/rfc/rfc5746#4.4"

# 4.4.  Server Behavior: Legacy (Insecure) Renegotiation
#
# This text applies if the connection's "secure_renegotiation" flag is
# set to FALSE.
# 
# It is RECOMMENDED that servers not permit legacy renegotiation.  If
# servers nevertheless do permit it, they MUST follow the requirements
# in this section.
# 
# o  When a ClientHello is received, the server MUST verify that it
#    does not contain the TLS_EMPTY_RENEGOTIATION_INFO_SCSV SCSV.  If
#    the SCSV is present, the server MUST abort the handshake.
# 
# o  The server MUST verify that the "renegotiation_info" extension is
#    not present; if it is, the server MUST abort the handshake.

[[spec]]
level = "SHOULD"
quote = '''
It is RECOMMENDED that servers not permit legacy renegotiation.
'''

[[spec]]
level = "MUST"
quote = '''
If
servers nevertheless do permit it, they MUST follow the requirements
in this section.
'''

[[spec]]
level = "MUST"
quote = '''
o  When a ClientHello is received, the server MUST verify that it
does not contain the TLS_EMPTY_RENEGOTIATION_INFO_SCSV SCSV.
'''

[[spec]]
level = "MUST"
quote = '''
If
the SCSV is present, the server MUST abort the handshake.
'''

[[spec]]
level = "MUST"
quote = '''
o  The server MUST verify that the "renegotiation_info" extension is
not present; if it is, the server MUST abort the handshake.
'''

[[spec]]
level = "MUST"
quote = '''
o  The server MUST verify that the "renegotiation_info" extension is
not present; if it is, the server MUST abort the handshake.
'''