Add a CHANGES.md entry for the max key_shares/supported groups/sig algs

We now restrict the max number of key_shares/supported groups/sig algs
that we will pay attention to as a server.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Fri Mar  6 10:33:04 2026
(Merged from https://github.com/openssl/openssl/pull/30263)

diff --git a/CHANGES.md b/CHANGES.md
index 4ca267087386397a057698fecb7cb013f3466b94..8cb172fc049e8e55d9118c4cca37d768ae7b50d0 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -31,6 +31,13 @@ OpenSSL Releases
 
 ### Changes between 3.6 and 4.0 [xx XXX xxxx]
 
+ * Added restrictions on the maximum number of TLS key_shares (16) that a server
+   will pay attention to, as well as the maximum number of supported groups
+   (128) and sig algs (128). Any sent beyond this number are ignored in order
+   to avoid clients sending excessively long lists in these extensions.
+
+   *Matt Caswell*
+
  * The `openssl-x509(1)`, `openssl-req(1)` and `openssl-ca(1)` command-line
    utilities no longer have specialised built-in logic to add the SKID and AKID
    extensions, they are handled through configuration files and command-line