From: Matt Caswell <matt@openssl.org>
Date: Mon, 2 Jun 2025 14:45:06 +0000 (+0100)
Subject: Add a CHANGES.md entry regarding no_renegotiation alert
X-Git-Tag: openssl-3.3.4~35
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=649a9c7fe5329586f585887501624a7529a35f7c;p=thirdparty%2Fopenssl.git

Add a CHANGES.md entry regarding no_renegotiation alert

Highight the bug being fixed for DTLS users

Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27591)

(cherry picked from commit df5dff26efb6cdc96ebe50c35af394a1121e77fe)
---

diff --git a/CHANGES.md b/CHANGES.md
index b26d635f812..99cb07e8b78 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -28,6 +28,15 @@ OpenSSL 3.3
 
 ### Changes between 3.3.3 and 3.3.4 [xx XXX xxxx]
 
+ * Aligned the behaviour of TLS and DTLS in the event of a no_renegotiation
+   alert being received. Older versions of OpenSSL failed with DTLS if a
+   no_renegotiation alert was received. All versions of OpenSSL do this for TLS.
+   From 3.2 a bug was exposed that meant that DTLS ignored no_rengotiation. We
+   have now restored the original behaviour and brought DTLS back into line with
+   TLS.
+
+   *Matt Caswell*
+
  * When displaying distinguished names in the openssl application escape control
    characters by default.