target = "https://tools.ietf.org/rfc/rfc8446#D.3"

# D.3.  0-RTT Backward Compatibility
#
# 0-RTT data is not compatible with older servers.  An older server
# will respond to the ClientHello with an older ServerHello, but it
# will not correctly skip the 0-RTT data and will fail to complete the
# handshake.  This can cause issues when a client attempts to use
# 0-RTT, particularly against multi-server deployments.  For example, a
# deployment could deploy TLS 1.3 gradually with some servers
# implementing TLS 1.3 and some implementing TLS 1.2, or a TLS 1.3
# deployment could be downgraded to TLS 1.2.
# 
# A client that attempts to send 0-RTT data MUST fail a connection if
# it receives a ServerHello with TLS 1.2 or older.  It can then retry
# the connection with 0-RTT disabled.  To avoid a downgrade attack, the
# client SHOULD NOT disable TLS 1.3, only 0-RTT.
# 
# To avoid this error condition, multi-server deployments SHOULD ensure
# a uniform and stable deployment of TLS 1.3 without 0-RTT prior to
# enabling 0-RTT.

[[spec]]
level = "MUST"
quote = '''
A client that attempts to send 0-RTT data MUST fail a connection if
it receives a ServerHello with TLS 1.2 or older.
'''

[[spec]]
level = "SHOULD"
quote = '''
To avoid a downgrade attack, the
client SHOULD NOT disable TLS 1.3, only 0-RTT.
'''

[[spec]]
level = "SHOULD"
quote = '''
To avoid this error condition, multi-server deployments SHOULD ensure
a uniform and stable deployment of TLS 1.3 without 0-RTT prior to
enabling 0-RTT.
'''