Insecure TLS Renegotiation
SSL/TLS has been beset by attacks exploitable from a man-in-the-middle (MitM) position over the last decade, and insecure TLS renegotiation falls into this category. Suppose an attacker who has acquired a MitM position connects to a web server and performs an initial handshake, then pushes data via an HTTP POST request. The attacker is now in place. When the victim connects to the attacker and generates their initial handshake, it can be forwarded to the web server as a renegotiation of the attacker's initial connection. From the victim's perspective, they have made an initial handshake directly with the web server. From the web server's perspective, this is not an initial handshake but a renegotiation of the connection already initiated by the attacker. Communication can now proceed; the critical point is that the server does not detect what is happening, and so processes the initial request from the attacker as if the victim had made it.
- Vulnerabilities in SSL & TLS :- TLS Renegotiation by evilsaint
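
The server-side state described above, as a simplified model added here for illustration (not code from the original page). It puts the legacy behaviour beside the RFC 5746 `renegotiation_info` check, which binds a renegotiation to the previous handshake's Finished value. All class and function names and byte strings are constructed for this example, and TLS records and cryptography are abstracted away.

```python
from dataclasses import dataclass

# Constructed placeholder payloads; real request bytes are irrelevant to the model.
ATTACKER_DATA = b"[constructed attacker request]"
VICTIM_DATA = b"[constructed victim request]"

class HandshakeAbort(Exception):
    """The server refuses the handshake (a fatal alert in real TLS)."""

@dataclass
class ServerConnection:
    secure_reneg: bool               # True: enforce the RFC 5746 binding
    handshakes: int = 0
    client_verify_data: bytes = b""  # client Finished value of the previous handshake
    app_buffer: bytes = b""          # plaintext passed up to the HTTP layer
    aborted: bool = False

    def handshake(self, renegotiation_info: bytes, verify_data: bytes) -> None:
        # Initial handshake: saved value is empty, so an empty extension matches.
        # Renegotiation: the client must echo the previous client Finished value.
        if self.secure_reneg and renegotiation_info != self.client_verify_data:
            self.aborted = True
            raise HandshakeAbort("renegotiation_info mismatch")
        self.handshakes += 1
        self.client_verify_data = verify_data

    def app_data(self, data: bytes) -> None:
        # The HTTP layer sees one byte stream per connection, across handshakes.
        self.app_buffer += data

def run_scenario(secure_reneg: bool) -> ServerConnection:
    conn = ServerConnection(secure_reneg)
    # MitM's own initial handshake, then its request data.
    conn.handshake(renegotiation_info=b"", verify_data=b"finished-1")
    conn.app_data(ATTACKER_DATA)
    # Victim's ClientHello, relayed on the same connection. The victim thinks
    # this is an initial handshake, so its renegotiation_info is empty.
    try:
        conn.handshake(renegotiation_info=b"", verify_data=b"finished-2")
    except HandshakeAbort:
        return conn
    conn.app_data(VICTIM_DATA)
    return conn

if __name__ == "__main__":
    for mode in (False, True):
        c = run_scenario(mode)
        print(f"secure_reneg={mode} handshakes={c.handshakes} "
              f"aborted={c.aborted} buffer={c.app_buffer!r}")
```

In the legacy case the server's buffer holds both parties' bytes as one stream. With the binding enforced, the relayed handshake is refused, so the victim's data never joins the attacker's.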