RFC 7457, "Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS)", February 2015Source of RFC: uta (app)
Errata ID: 4894
Publication Format(s) : TEXT
Reported By: Julien Élie
Date Reported: 2016-12-22
Section 2.2 says:
STARTTLS and similar mechanisms are vulnerable to downgrade attacks, whereby the attacker simply removes the STARTTLS indication from the (unprotected) request. This cannot be mitigated unless HSTS-like solutions are added.
The second paragraph in Section 2.2 ("STARTTLS Command Injection Attack") should have been in Section 2.1 ("SSL Stripping") because it concerns the attack known as "SSL Stripping".
Note that Section 3.2 of RFC 7525 refers to Section 2.1 (and not 2.2) of this RFC, when speaking about lack of advertise support for TLS.