target = "https://tools.ietf.org/rfc/rfc8446#D.4"

# D.4.  Middlebox Compatibility Mode
#
# Field measurements [Ben17a] [Ben17b] [Res17a] [Res17b] have found
# that a significant number of middleboxes misbehave when a TLS
# client/server pair negotiates TLS 1.3.  Implementations can increase
# the chance of making connections through those middleboxes by making
# the TLS 1.3 handshake look more like a TLS 1.2 handshake:
# 
# -  The client always provides a non-empty session ID in the
#    ClientHello, as described in the legacy_session_id section of
#    Section 4.1.2.
# 
# -  If not offering early data, the client sends a dummy
#    change_cipher_spec record (see the third paragraph of Section 5)
#    immediately before its second flight.  This may either be before
#    its second ClientHello or before its encrypted handshake flight.
#    If offering early data, the record is placed immediately after the
#    first ClientHello.
# 
# -  The server sends a dummy change_cipher_spec record immediately
#    after its first handshake message.  This may either be after a
#    ServerHello or a HelloRetryRequest.
# 
# When put together, these changes make the TLS 1.3 handshake resemble
# TLS 1.2 session resumption, which improves the chance of successfully
# connecting through middleboxes.  This "compatibility mode" is
# partially negotiated: the client can opt to provide a session ID or
# not, and the server has to echo it.  Either side can send
# 
# change_cipher_spec at any time during the handshake, as they must be
# ignored by the peer, but if the client sends a non-empty session ID,
# the server MUST send the change_cipher_spec as described in this
# appendix.

[[spec]]
level = "MUST"
quote = '''
change_cipher_spec at any time during the handshake, as they must be
ignored by the peer, but if the client sends a non-empty session ID,
the server MUST send the change_cipher_spec as described in this
appendix.
'''