From bbf758a6fdc890cd75ba885c3b2381f239f8cbf1 Mon Sep 17 00:00:00 2001
From: Artem Boldariev <artem@boldariev.com>
Date: Tue, 28 Sep 2021 12:49:25 +0300
Subject: [PATCH] Modify CHANGES [GL #2796]

Mention the new "tls" options in the CHANGES file.
---
 CHANGES | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/CHANGES b/CHANGES
index 1ac9a627ac..0ee3ee6977 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,18 @@
+5729.	[func]		Allow finer control over the TLS protocol by
+			implementing more options within "tls" clauses, namely:
+			- Diffie-Hellman parameters via
+			  'dhparam-file "<path_to_file>";'
+			- OpenSSL cipher list string via
+			  'ciphers "<cipher_list>";'
+			- Server or client ciphers preference via
+			  'prefer-server-ciphers yes|no;'
+			- Ability to explicitly enable or disable stateless
+			  TLS session tickets via 'session-tickets yes|no;'
+			The options are enough to implement perfect forward
+			secrecy in DNS-over-TLS, DNS-over-HTTPS transports.
+			Most of these options were no-op before this
+			change. [GL #2796]
+
 5728.	[func]		Allow specifying supported TLS protocol
 			versions within "tls" clauses
 			(e.g. protocols { TLSv1.2; TLSv1.3; };). [GL #2795]