From 717f4026d593119cf493b3c1e045462c540f4cb3 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Wed, 2 Nov 2016 22:23:16 +0000
Subject: [PATCH] Add a CHANGES entry for the unrecognised record type change

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit ce95f3b724f71f42dd57af4a0a8e2f571deaf94d)
---
 CHANGES | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index 9fc2b99146..b04cf9c6a9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,11 @@
 
  Changes between 1.1.0b and 1.1.0c [xx XXX xxxx]
 
-  *)
+  *) OpenSSL now fails if it receives an unrecognised record type in TLS1.0
+     or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to
+     prevent issues where no progress is being made and the peer continually
+     sends unrecognised record types, using up resources processing them.
+     [Matt Caswell]
 
   *) Removed automatic addition of RPATH in shared libraries and executables,
      as this was a remainder from OpenSSL 1.0.x and isn't needed any more.
-- 
2.25.1