X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=06e5677a66d67b9cbf0a6c2f6945dd307302d036;hp=ff7e676a8e2fc8ed8f6259e848730ff062a39dbc;hb=648765ba2fe4801820f087d839d43b944b1b6f19;hpb=c6ccf055ba151c348bb0026e05a83b0135e40518;ds=sidebyside

diff --git a/CHANGES b/CHANGES
index ff7e676a8e..06e5677a66 100644
--- a/CHANGES
+++ b/CHANGES
@@ -101,9 +101,13 @@
  
  Changes between 0.9.6e and 0.9.7  [XX xxx 2002]
 
-  *) Add cipher selection rules COMPLEMENTOFALL and COMPLENENTOFDEFAULT
+  *) Add cipher selection rules COMPLEMENTOFALL and COMPLEMENTOFDEFAULT
      to allow version independent disabling of normally unselected ciphers,
      which may be activated as a side-effect of selecting a single cipher.
+
+     (E.g., cipher list string "RSA" enables ciphersuites that are left
+     out of "ALL" because they do not provide symmetric encryption.
+     "RSA:!COMPLEMEMENTOFALL" avoids these unsafe ciphersuites.)
      [Lutz Jaenicke, Bodo Moeller]
 
   *) Add appropriate support for separate platform-dependent build