Merge fix for AEAD Random IVs
diff --git a/ChangeLog b/ChangeLog
index 86f36bb..5f4774a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,10 @@
= mbed TLS 2.3.x branch released 2016-xx-xx
Security
+ * Remove MBEDTLS_SSL_AEAD_RANDOM_IV option, because it was not compliant
+ with RFC5116 and could lead to session key recovery in very long TLS
+ sessions. (H. Bock, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic -
+ "Nonce-Disrespecting Adversaries Practical Forgery Attacks on GCM in TLS")
* Fix potential stack corruption in mbedtls_x509write_crt_der() and
mbedtls_x509write_csr_der() when the signature is copied to the buffer
without checking whether there is enough space in the destination. The
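Review bot: the impact wording on the new ChangeLog lines overstates what the cited work shows. The entry says the option "could lead to session key recovery", but the cited paper's own title describes "Practical Forgery Attacks on GCM in TLS": repeating a GCM nonce exposes the authentication subkey and lets an attacker forge records, not recover the session key, so the line should say "could allow forgery of TLS records (recovery of the GCM authentication key)". Two smaller points on the same lines: the paper title is missing its colon ("Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS"), and the entry should state what a user who still defines MBEDTLS_SSL_AEAD_RANDOM_IV in their config gets (a build error or a silent ignore), since that is what readers of the Security section will need to know when upgrading.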