Merge smarter certificate selection for pre-TLS-1.2 clients
diff --git a/ChangeLog b/ChangeLog
index 0ea522e..32e20bd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -29,6 +29,8 @@
      length of an X.509 verification chain.
    * Support for renegotiation can now be disabled at compile-time
    * Support for 1/n-1 record splitting, a countermeasure against BEAST.
+   * Certificate selection based on signature hash, prefering SHA-1 over SHA-2
+     for pre-1.2 clients when multiple certificates are available.
 
 Bugfix
    * Stack buffer overflow if ctr_drbg_update() is called with too large
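Review bot: The added entry misspells "prefering"; it should read "preferring SHA-1 over SHA-2". The entry also does not say what happens when a pre-1.2 client connects and only a SHA-2-signed certificate is configured. If that certificate is still sent as a fallback, add a few words saying so, so that operators reading the ChangeLog do not assume such clients are now rejected.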
@@ -51,6 +53,9 @@
    * debug_print_buf() now prints a text view in addition to hexadecimal.
    * Skip writing and parsing signature_algorithm extension if none of the
      key exchanges enabled needs certificates.
+   * A specific error is now returned when there are ciphersuites in common
+     but none of them is usable due to external factors such as no certificate
+     with a suitable (extended)KeyUsage or curve or no PSK set.
 
 = PolarSSL 1.3.9 released 2014-10-20
 Security
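Review bot: The added entry announces "a specific error" without naming it, so callers who want to handle the condition cannot tell from the ChangeLog which error code to check for. Please name the error constant in the entry. The closing list "(extended)KeyUsage or curve or no PSK set" is also hard to parse because of the chained "or"; something like "no certificate with a suitable (extended)KeyUsage or curve, or no PSK set" would make clear that the PSK case is separate from the certificate cases.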