RFC Errata
RFC 8446, "The Transport Layer Security (TLS) Protocol Version 1.3", August 2018
Source of RFC: tls (sec)
Errata ID: 6140
Status: Reported
Type: Editorial
Publication Format(s) : TEXT
Reported By: Ben Smyth
Date Reported: 2020-04-29
Section 4.4.2.2. says:
This fallback chain SHOULD NOT use the deprecated SHA-1 hash algorithm in general, but MAY do so if the client's advertisement permits it, and MUST NOT do so otherwise.
It should say:
This fullback chain MUST NOT use the deprecated SHA-1 hash, except if advertised by the client, in which case it MAY.
Notes:
The original text is difficult to read, eliminating the unnecessary "SHOULD NOT" seems to make it
easier.