Add a CHANGES entry for the unrecognised record type change

Reviewed-by: Tim Hudson <tjh@openssl.org>
author: Matt Caswell <matt@openssl.org> 2016-11-02 22:27:22 +0000
committer: Matt Caswell <matt@openssl.org> 2016-11-02 22:27:22 +0000
commit: 563a34e18eb34f86fb26944724d4aa21ebaea850 (patch)
tree: eeece2b3c6a372d466ac919be493ed23ed7019ad
parent: f1185392189641014dca94f3fe7834bccb5f4c16 (diff)
download: openssl-new-563a34e18eb34f86fb26944724d4aa21ebaea850.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/CHANGES b/CHANGES
index 009b7ef039..1fbe3b30ed 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,11 @@
 
  Changes between 1.0.2j and 1.0.2k [xx XXX xxxx]
 
-  *)
+  *) OpenSSL now fails if it receives an unrecognised record type in TLS1.0
+     or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to
+     prevent issues where no progress is being made and the peer continually
+     sends unrecognised record types, using up resources processing them.
+     [Matt Caswell]
 
  Changes between 1.0.2i and 1.0.2j [26 Sep 2016]
author	Matt Caswell <matt@openssl.org>	2016-11-02 22:27:22 +0000
committer	Matt Caswell <matt@openssl.org>	2016-11-02 22:27:22 +0000
commit	563a34e18eb34f86fb26944724d4aa21ebaea850 (patch)
tree	eeece2b3c6a372d466ac919be493ed23ed7019ad
parent	f1185392189641014dca94f3fe7834bccb5f4c16 (diff)
download	openssl-new-563a34e18eb34f86fb26944724d4aa21ebaea850.tar.gz