RFC 8446, "The Transport Layer Security (TLS) Protocol Version 1.3", August 2018Source of RFC: tls (sec)
Errata ID: 6140
Publication Format(s) : TEXT
Reported By: Ben Smyth
Date Reported: 2020-04-29
Section 220.127.116.11. says:
This fallback chain SHOULD NOT use the deprecated SHA-1 hash algorithm in general, but MAY do so if the client's advertisement permits it, and MUST NOT do so otherwise.
It should say:
This fullback chain MUST NOT use the deprecated SHA-1 hash, except if advertised by the client, in which case it MAY.
The original text is difficult to read, eliminating the unnecessary "SHOULD NOT" seems to make it