diff --git a/CHANGES b/CHANGES
index dd23a4ee2..fc57065a6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -553,6 +553,11 @@
      exiting on the first error in a request.
      [Steve Henson]
 
+  *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
+     if the server requested one: as stated in TLS 1.0 and SSL 3.0
+     specifications.
+     [Steve Henson]
+
   *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
      extra data after the compression methods not only for TLS 1.0
      but also for SSL 3.0 (as required by the specification).