Add a CHANGES.md entry regarding no_renegotiation alert

Highight the bug being fixed for DTLS users

Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27591)

(cherry picked from commit df5dff26efb6cdc96ebe50c35af394a1121e77fe)

diff --git a/CHANGES.md b/CHANGES.md
index c8bd86f930f0e1563898c2b28d26742e39562183..3537b209ee7732cf98224c4ae7361e232894993f 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -29,6 +29,15 @@ OpenSSL 3.4
 
 ### Changes between 3.4.1 and 3.4.2 [xx XXX xxxx]
 
+ * Aligned the behaviour of TLS and DTLS in the event of a no_renegotiation
+   alert being received. Older versions of OpenSSL failed with DTLS if a
+   no_renegotiation alert was received. All versions of OpenSSL do this for TLS.
+   From 3.2 a bug was exposed that meant that DTLS ignored no_rengotiation. We
+   have now restored the original behaviour and brought DTLS back into line with
+   TLS.
+
+   *Matt Caswell*
+
  * When displaying distinguished names in the openssl application escape control
    characters by default.