Reduce priority of 3DES ciphersuites
diff --git a/ChangeLog b/ChangeLog
index 2500919..abd12d5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,10 +7,8 @@
which allows copy-less parsing of DER encoded X.509 CRTs,
at the cost of additional lifetime constraints on the input
buffer, but at the benefit of reduced RAM consumption.
-
-API Changes
- * Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`.
- See the Features section for more information.
+ * Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites
+ from the default list (inactive by default).
Bugfix
* Fix a compilation issue with mbedtls_ecp_restart_ctx not being defined
@@ -53,6 +51,11 @@
underlying OS actually guarantees.
* Fix configuration queries in ssl-opt.h. #2030
* Ensure that ssl-opt.h can be run in OS X. #2029
+ * Ciphersuites based on 3DES now have the lowest priority by default.
+
+API Changes
+ * Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`.
+ See the Features section for more information.
= mbed TLS 2.16.0 branch released 2018-12-21