Add a CHANGES.md entry regarding no_renegotiation alert

author Matt Caswell <matt@openssl.org>

Mon, 2 Jun 2025 14:45:06 +0000 (15:45 +0100)

committer Tomas Mraz <tomas@openssl.org>

Wed, 4 Jun 2025 15:21:42 +0000 (17:21 +0200)
author Matt Caswell <matt@openssl.org>
Mon, 2 Jun 2025 14:45:06 +0000 (15:45 +0100)
committer Tomas Mraz <tomas@openssl.org>
Wed, 4 Jun 2025 15:21:42 +0000 (17:21 +0200)
diff --git a/CHANGES.md b/CHANGES.md

index 87a9cc1ee7bd7c849d4c05254055fa9a560654ba..0261d880307e9d186561f5ab0756f08d37326e5c 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -99,7 +99,18 @@ OpenSSL 3.6
  OpenSSL 3.5
  -----------
  
-### Changes between 3.4 and 3.5 [xx XXX xxxx]
+### Changes between 3.5.0 and 3.5.1 [xx XXX xxxx]
+
+ * Aligned the behaviour of TLS and DTLS in the event of a no_renegotiation
+   alert being received. Older versions of OpenSSL failed with DTLS if a
+   no_renegotiation alert was received. All versions of OpenSSL do this for TLS.
+   From 3.2 a bug was exposed that meant that DTLS ignored no_rengotiation. We
+   have now restored the original behaviour and brought DTLS back into line with
+   TLS.
+
+   *Matt Caswell*
+
+### Changes between 3.4 and 3.5.0 [8 Apr 2025]
  
   * Added server side support for QUIC
author	Matt Caswell <matt@openssl.org>
	Mon, 2 Jun 2025 14:45:06 +0000 (15:45 +0100)
committer	Tomas Mraz <tomas@openssl.org>
	Wed, 4 Jun 2025 15:21:42 +0000 (17:21 +0200)