Add a CHANGES entry for the unrecognised record type change

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index eb18673f660fc6b84df9e2a736aef5fc3ad81339..ba661db6388cc839ad554cfebd941bf26e9d52c6 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,13 +4,23 @@
 
  Changes between 1.1.0a and 1.1.1 [xx XXX xxxx]
 
-  *)
+  *) OpenSSL now fails if it receives an unrecognised record type in TLS1.0
+     or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to
+     prevent issues where no progress is being made and the peer continually
+     sends unrecognised record types, using up resources processing them.
+     [Matt Caswell]
 
   *) 'openssl passwd' can now produce SHA256 and SHA512 based output,
      using the algorithm defined in
      https://www.akkadia.org/drepper/SHA-crypt.txt
      [Richard Levitte]
 
+ Changes between 1.1.0b and 1.1.0c [xx XXX xxxx]
+
+  *) Removed automatic addition of RPATH in shared libraries and executables,
+     as this was a remainder from OpenSSL 1.0.x and isn't needed any more.
+     [Richard Levitte]
+
  Changes between 1.1.0a and 1.1.0b [26 Sep 2016]
 
   *) Fix Use After Free for large message sizes
@@ -400,6 +410,12 @@
      template in Configurations, like unix-Makefile.tmpl or
      descrip.mms.tmpl.
 
+     With this change, the library names were also renamed on Windows
+     and on VMS.  They now have names that are closer to the standard
+     on Unix, and include the major version number, and in certain
+     cases, the architecture they are built for.  See "Notes on shared
+     libraries" in INSTALL.
+
      We rely heavily on the perl module Text::Template.
      [Richard Levitte]