target = "https://tools.ietf.org/rfc/rfc8446#C.5" # C.5. Unauthenticated Operation # # Previous versions of TLS offered explicitly unauthenticated cipher # suites based on anonymous Diffie-Hellman. These modes have been # deprecated in TLS 1.3. However, it is still possible to negotiate # parameters that do not provide verifiable server authentication by # several methods, including: # # - Raw public keys [RFC7250]. # # - Using a public key contained in a certificate but without # validation of the certificate chain or any of its contents. # # Either technique used alone is vulnerable to man-in-the-middle # attacks and therefore unsafe for general use. However, it is also # possible to bind such connections to an external authentication # mechanism via out-of-band validation of the server's public key, # trust on first use, or a mechanism such as channel bindings (though # the channel bindings described in [RFC5929] are not defined for # TLS 1.3). If no such mechanism is used, then the connection has no # protection against active man-in-the-middle attack; applications # MUST NOT use TLS in such a way absent explicit configuration or a # specific application profile. [[spec]] level = "MUST" quote = ''' If no such mechanism is used, then the connection has no protection against active man-in-the-middle attack; applications MUST NOT use TLS in such a way absent explicit configuration or a specific application profile. '''