Add a CHANGES entry for the unrecognised record type change

author Matt Caswell <matt@openssl.org>

Wed, 2 Nov 2016 22:23:16 +0000 (22:23 +0000)

committer Matt Caswell <matt@openssl.org>

Wed, 2 Nov 2016 23:25:48 +0000 (23:25 +0000)
author Matt Caswell <matt@openssl.org>
Wed, 2 Nov 2016 22:23:16 +0000 (22:23 +0000)
committer Matt Caswell <matt@openssl.org>
Wed, 2 Nov 2016 23:25:48 +0000 (23:25 +0000)
diff --git a/CHANGES b/CHANGES

index 9fc2b991468e669b61b9c1daeb3ab73f35da5904..b04cf9c6a9b1166853c96a2fdae5a0da52181260 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,11 @@
  
   Changes between 1.1.0b and 1.1.0c [xx XXX xxxx]
  
-  *)
+  *) OpenSSL now fails if it receives an unrecognised record type in TLS1.0
+     or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to
+     prevent issues where no progress is being made and the peer continually
+     sends unrecognised record types, using up resources processing them.
+     [Matt Caswell]
  
    *) Removed automatic addition of RPATH in shared libraries and executables,
       as this was a remainder from OpenSSL 1.0.x and isn't needed any more.
author	Matt Caswell <matt@openssl.org>
	Wed, 2 Nov 2016 22:23:16 +0000 (22:23 +0000)
committer	Matt Caswell <matt@openssl.org>
	Wed, 2 Nov 2016 23:25:48 +0000 (23:25 +0000)