Adapt ChangeLog

commit: e27543dee11a9f38a41568fa663a384896568e15 [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Fri Oct 13 16:54:58 2017 +0100
committer: Hanno Becker <hanno.becker@arm.com> Fri Oct 13 16:54:58 2017 +0100
tree: 3eb5b3f42f39486e9d73b0aca9e0ba9b20196547
parent: 80e0d46062acdad669f45514af5393bd39f7e370 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 8f7843d..4ef3f1b 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -6,6 +6,11 @@
    * Fix ssl_parse_record_header() to silently discard invalid DTLS records
      as recommended in RFC 6347 Section 4.1.2.7.
 
+Security
+   * Change default choice of DHE parameters from untrustworthy RFC 5114
+     to RFC 3526 containing parameters generated in a nothing-up-my-sleeve
+     manner.
+
 = mbed TLS 2.1.9 branch released 2017-08-10
 
 Security
commit	e27543dee11a9f38a41568fa663a384896568e15	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Fri Oct 13 16:54:58 2017 +0100
committer	Hanno Becker <hanno.becker@arm.com>	Fri Oct 13 16:54:58 2017 +0100
tree	3eb5b3f42f39486e9d73b0aca9e0ba9b20196547
parent	80e0d46062acdad669f45514af5393bd39f7e370 [diff] [blame]