tls: reduce the strength of CCM_8 ciphers due to their short IV.

[thirdparty/openssl.git] / CHANGES.md

diff --git a/CHANGES.md b/CHANGES.md
index c9d3825eecf5cb036cfc87f1ce53ac4727b0ca3a..cfb6eb0821b31a073f0fc72fa22cbb6314beeefb 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -24,6 +24,11 @@ OpenSSL 3.1
 
 ### Changes between 3.0 and 3.1 [xx XXX xxxx]
 
+ * CCM8 cipher suites in TLS have been downgraded to security level 1 because
+   they use a short tag which lowers their strength.
+
+   *Paul Dale*
+
  * Subject or issuer names in X.509 objects are now displayed as UTF-8 strings
    by default.