From: Matt Caswell <matt@openssl.org>
Date: Mon, 2 Jun 2025 14:45:06 +0000 (+0100)
Subject: Add a CHANGES.md entry regarding no_renegotiation alert
X-Git-Tag: openssl-3.5.1~54
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=0010db7a3fb3ae29d9f9c595413a2b9fcbf4b003;p=thirdparty%2Fopenssl.git

Add a CHANGES.md entry regarding no_renegotiation alert

Highight the bug being fixed for DTLS users

Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27591)

(cherry picked from commit df5dff26efb6cdc96ebe50c35af394a1121e77fe)
---

diff --git a/CHANGES.md b/CHANGES.md
index a53a88a1d75..d5a2165a3f3 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -30,7 +30,14 @@ OpenSSL 3.5
 
 ### Changes between 3.5.0 and 3.5.1 [xx XXX xxxx]
 
- * none yet
+ * Aligned the behaviour of TLS and DTLS in the event of a no_renegotiation
+   alert being received. Older versions of OpenSSL failed with DTLS if a
+   no_renegotiation alert was received. All versions of OpenSSL do this for TLS.
+   From 3.2 a bug was exposed that meant that DTLS ignored no_rengotiation. We
+   have now restored the original behaviour and brought DTLS back into line with
+   TLS.
+
+   *Matt Caswell*
 
 ### Changes between 3.4 and 3.5.0 [8 Apr 2025]