Ever since vendors started deploying TLS 1.0 clients, these clients
have had to handle server implementations that do not tolerate the
highest TLS version the client supports, usually by automatically
retrying the handshake with an older supported version. Such version
rollbacks are a potential security hazard: an active attacker who can
break the initial handshake can force the client down to the older
version, and if that version becomes vulnerable to attacks the client
loses the protection it would otherwise have had. The same history
repeated when TLS extensions were introduced, as some servers would
not negotiate with clients that sent these extensions, forcing clients
to drop protocol functionality in order to maintain interoperability.
This document outlines a procedure to help clients decide when they
may use version rollback to maintain interoperability with legacy
servers, and under what conditions they should not allow a rollback,
such as when the server has indicated support for the TLS
Renegotiation Information extension (RFC 5746). The intention of
this procedure is to limit automatic version rollback to legacy
servers and eventually eliminate its use.
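The following Python model is an added illustration of the decision described above and is not part of this document or of any TLS implementation. It simulates a client that retries with lower versions when a handshake fails, but refuses to roll back once the server has shown support for the renegotiation_info extension. The server functions, the per-host memory of RI support, and the rule that an RI-capable server answering only after a rollback is treated as a failed downgrade attempt are assumptions made for the example; the abstract states only that rollback should not be allowed when the server has indicated RI support.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set, Tuple

# (major, minor) wire versions; tuple comparison orders them correctly.
Version = Tuple[int, int]
TLS_1_2: Version = (3, 3)
TLS_1_1: Version = (3, 2)
TLS_1_0: Version = (3, 1)

# ExtensionType value of renegotiation_info, RFC 5746 section 3.2.
RENEGOTIATION_INFO = 0xFF01


@dataclass
class ServerHello:
    version: Version
    extensions: Dict[int, bytes]


# A "server" stands in for the network: given the highest version the
# client offers, it returns a ServerHello, or None when the handshake
# fails (legacy intolerance, or an attacker tearing down the connection).
Server = Callable[[Version], Optional[ServerHello]]


@dataclass
class FallbackClient:
    max_version: Version = TLS_1_2
    min_version: Version = TLS_1_0
    # Assumption for this example: the client remembers hosts that have
    # already proven RI support, so later failures never trigger rollback.
    ri_hosts: Set[str] = field(default_factory=set)

    def connect(self, host: str, server: Server) -> Tuple[Optional[Version], str]:
        """Return (negotiated version or None, reason)."""
        version = self.max_version
        rolled_back = False
        while True:
            hello = server(version)
            if hello is None:
                # Handshake failed: decide whether a rollback is allowed.
                if host in self.ri_hosts:
                    return None, "refused: host previously supported RI"
                if version <= self.min_version:
                    return None, "refused: already at minimum version"
                version = (version[0], version[1] - 1)
                rolled_back = True
                continue
            if RENEGOTIATION_INFO in hello.extensions:
                self.ri_hosts.add(host)
                if rolled_back:
                    # An RI-capable server is expected to tolerate the
                    # higher version, so the earlier failure is suspect.
                    return None, "refused: RI server failed at higher version"
            return hello.version, "rolled back" if rolled_back else "ok"


def legacy_server(version: Version) -> Optional[ServerHello]:
    """Hypothetical old server: fails above TLS 1.0, sends no extensions."""
    if version > TLS_1_0:
        return None
    return ServerHello(TLS_1_0, {})


def modern_server(version: Version) -> Optional[ServerHello]:
    """Hypothetical RFC 5746 server: speaks up to TLS 1.2, always sends RI."""
    return ServerHello(min(version, TLS_1_2), {RENEGOTIATION_INFO: b"\x00"})


def intercepted(server: Server) -> Server:
    """Attacker in the path breaks every handshake above TLS 1.0."""
    def handle(version: Version) -> Optional[ServerHello]:
        return None if version > TLS_1_0 else server(version)
    return handle


if __name__ == "__main__":
    client = FallbackClient()
    print(client.connect("legacy.example", legacy_server))
    print(client.connect("modern.example", modern_server))
    print(client.connect("modern.example", intercepted(modern_server)))
    print(FallbackClient().connect("modern.example", intercepted(modern_server)))
```

The legacy host is reached only after two rollbacks, which is the interoperability case the procedure is meant to preserve. The attacked connection to the RI-capable host is refused both when the client has seen the host before (the failure at TLS 1.2 is rejected outright) and on first contact (the rolled-back ServerHello carries RI, which the model treats as evidence that the earlier failure was not genuine).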