target = "https://tools.ietf.org/rfc/rfc8446#D.1"

# D.1.  Negotiating with an Older Server
#
# A TLS 1.3 client who wishes to negotiate with servers that do not
# support TLS 1.3 will send a normal TLS 1.3 ClientHello containing
# 0x0303 (TLS 1.2) in ClientHello.legacy_version but with the correct
# version(s) in the "supported_versions" extension.  If the server does
# not support TLS 1.3, it will respond with a ServerHello containing an
# older version number.  If the client agrees to use this version, the
# negotiation will proceed as appropriate for the negotiated protocol.
# A client using a ticket for resumption SHOULD initiate the connection
# using the version that was previously negotiated.
# 
# Note that 0-RTT data is not compatible with older servers and
# SHOULD NOT be sent absent knowledge that the server supports TLS 1.3.
# See Appendix D.3.
# 
# If the version chosen by the server is not supported by the client
# (or is not acceptable), the client MUST abort the handshake with a
# "protocol_version" alert.
# 
# Some legacy server implementations are known to not implement the TLS
# specification properly and might abort connections upon encountering
# TLS extensions or versions which they are not aware of.
# Interoperability with buggy servers is a complex topic beyond the
# scope of this document.  Multiple connection attempts may be required
# in order to negotiate a backward-compatible connection; however, this
# practice is vulnerable to downgrade attacks and is NOT RECOMMENDED.

[[spec]]
level = "SHOULD"
quote = '''
A client using a ticket for resumption SHOULD initiate the connection
using the version that was previously negotiated.
'''

[[spec]]
level = "SHOULD"
quote = '''
Note that 0-RTT data is not compatible with older servers and
SHOULD NOT be sent absent knowledge that the server supports TLS 1.3.
'''

[[spec]]
level = "MUST"
quote = '''
If the version chosen by the server is not supported by the client
(or is not acceptable), the client MUST abort the handshake with a
"protocol_version" alert.
'''

[[spec]]
level = "SHOULD"
quote = '''
Multiple connection attempts may be required
in order to negotiate a backward-compatible connection; however, this
practice is vulnerable to downgrade attacks and is NOT RECOMMENDED.
'''