Add a ChangeLog entry for session serialisation
diff --git a/ChangeLog b/ChangeLog
index 5bda25c..c9b89e7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,14 @@
= mbed TLS 2.x.x branch released xxxx-xx-xx
+Security
+ * Make mbedtls_ecdh_get_params return an error if the second key
+ belongs to a different group from the first. Before, if an application
+ passed keys that belonged to different group, the first key's data was
+ interpreted according to the second group, which could lead to either
+ an error or a meaningless output from mbedtls_ecdh_get_params. In the
+ latter case, this could expose at most 5 bits of the private key.
+
Features
* Add support for draft-05 of the Connection ID extension, as specified
in https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05.
@@ -12,14 +20,10 @@
changed its IP or port. The feature is enabled at compile-time by setting
MBEDTLS_SSL_DTLS_CONNECTION_ID (disabled by default), and at run-time
through the new APIs mbedtls_ssl_conf_cid() and mbedtls_ssl_set_cid().
-
-Security
- * Make mbedtls_ecdh_get_params return an error if the second key
- belongs to a different group from the first. Before, if an application
- passed keys that belonged to different group, the first key's data was
- interpreted according to the second group, which could lead to either
- an error or a meaningless output from mbedtls_ecdh_get_params. In the
- latter case, this could expose at most 5 bits of the private key.
+ * Add new API functions mbedtls_ssl_session_save() and
+ mbedtls_ssl_session_load() to allow serialising a session, for example to
+ store it in non-volatile storage, and later using it for TLS session
+ resumption.
Bugfix
* Server's RSA certificate in certs.c was SHA-1 signed. In the default