Add a NEWS entry covering the FIPS related changes.

Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/21386) (cherry picked from commit dfc4b6c93b99f6666cd958c5643a24bb6edff7b7)
author: Pauli <pauli@openssl.org> 2023-07-07 18:37:08 +1000
committer: Pauli <pauli@openssl.org> 2023-07-14 09:53:42 +1000
commit: 7a3d32ae4602eb4d09c6d998b2b1ba4b81ec1f54 (patch)
tree: ecdf185f5bbf762cf597eec3543b37cee8846602 /NEWS.md
parent: 15e041b751c96ecf668a701d09a373d517610eae (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/NEWS.md b/NEWS.md
index f537762483..519c691c82 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -37,7 +37,14 @@ OpenSSL 3.2
 OpenSSL 3.1
 -----------
 
-### Major changes between OpenSSL 3.1.0 and OpenSSL 3.1.1 [under development]
+### Major changes between OpenSSL 3.1.1 and OpenSSL 3.1.2 [under development]
+
+ * When building with the `enable-fips` option and using the resulting
+   FIPS provider, TLS 1.2 will, by default, mandate the use of an
+   extended master secret and the Hash and HMAC DRBGs will not operate
+   with truncated digests.
+
+### Major changes between OpenSSL 3.1.0 and OpenSSL 3.1.1 [30 May 2023]
 
   * Mitigate for very slow `OBJ_obj2txt()` performance with gigantic OBJECT
     IDENTIFIER sub-identities.  ([CVE-2023-2650])
author	Pauli <pauli@openssl.org>	2023-07-07 18:37:08 +1000
committer	Pauli <pauli@openssl.org>	2023-07-14 09:53:42 +1000
commit	7a3d32ae4602eb4d09c6d998b2b1ba4b81ec1f54 (patch)
tree	ecdf185f5bbf762cf597eec3543b37cee8846602 /NEWS.md
parent	15e041b751c96ecf668a701d09a373d517610eae (diff)