Commit dc8a9299bd for openssl.org

commit dc8a9299bdd1e05c7d5c407de0285a3e0f3e02af
Author: Matt Caswell <matt@openssl.org>
Date:   Wed Mar 4 12:03:40 2026 +0000

    Add a CHANGES.md entry for the max key_shares/supported groups/sig algs

    We now restrict the max number of key_shares/supported groups/sig algs
    that we will pay attention to as a server.

    Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    MergeDate: Fri Mar  6 10:33:04 2026
    (Merged from https://github.com/openssl/openssl/pull/30263)

diff --git a/CHANGES.md b/CHANGES.md
index 4ca2670873..8cb172fc04 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -31,6 +31,13 @@ OpenSSL Releases

 ### Changes between 3.6 and 4.0 [xx XXX xxxx]

+ * Added restrictions on the maximum number of TLS key_shares (16) that a server
+   will pay attention to, as well as the maximum number of supported groups
+   (128) and sig algs (128). Any sent beyond this number are ignored in order
+   to avoid clients sending excessively long lists in these extensions.
+
+   *Matt Caswell*
+
  * The `openssl-x509(1)`, `openssl-req(1)` and `openssl-ca(1)` command-line
    utilities no longer have specialised built-in logic to add the SKID and AKID
    extensions, they are handled through configuration files and command-line