From 675d97d42e16fa4e55d80d76596b36c56730589b Mon Sep 17 00:00:00 2001
From: Ronald Cron <ronald.cron@arm.com>
Date: Fri, 17 Feb 2023 15:49:03 +0100
Subject: [PATCH] Add change log

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
---
 .../tls13-reorder-ciphersuite-preference-list.txt     | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 ChangeLog.d/tls13-reorder-ciphersuite-preference-list.txt

diff --git a/ChangeLog.d/tls13-reorder-ciphersuite-preference-list.txt b/ChangeLog.d/tls13-reorder-ciphersuite-preference-list.txt
new file mode 100644
index 0000000000..948bc882a4
--- /dev/null
+++ b/ChangeLog.d/tls13-reorder-ciphersuite-preference-list.txt
@@ -0,0 +1,11 @@
+Default behavior changes
+   * The default priority order of TLS 1.3 cipher suites has been modified to
+     follow the same rules as the TLS 1.2 cipher suites (see
+     ssl_ciphersuites.c).
+
+Bugfix
+   * In the TLS 1.3 server, select the prefered client cipher suite, not the
+     least prefered. The selection error was introduced in Mbed TLS 3.3.0.
+   * Fix TLS 1.3 session resumption when the established pre-shared key is
+     384 bits long. That is the length of pre-shared keys created under a
+     session where the cipher suite is TLS_AES_256_GCM_SHA384.