From c8d58f20ac77ebd48a41294e3b9c26efa3e98c1e Mon Sep 17 00:00:00 2001
From: John Baldwin <jhb@FreeBSD.org>
Date: Tue, 17 Aug 2021 14:40:33 -0700
Subject: [PATCH] UPDATING: Add a note about OpenSSL defaulting KTLS to off.

Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D31444

(cherry picked from commit 671a35b176e4b3c445696a8b423db5f8de26c285)
---
 UPDATING | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/UPDATING b/UPDATING
index 6ad89bbf660..ba5ec4f6d20 100644
--- a/UPDATING
+++ b/UPDATING
@@ -12,6 +12,14 @@ Items affecting the ports and packages system can be found in
 /usr/ports/UPDATING.  Please read that file before updating system packages
 and/or ports.
 
+20210823:
+	As of commit 622809b0868f OpenSSL no longer enables kernel TLS
+	by default.  Users can enable kernel TLS via the "KTLS" SSL
+	option.  This can be enabled globally by using a custom
+	OpenSSL config file via OPENSSL_CONF or via an
+	application-specific configuration option for applications
+	which permit setting SSL options via SSL_CONF_cmd(3).
+
 20210803:
 	Commits 9fb6e613373c and 9ec7dbf46b0a both changed the internal
 	KAPI between the NFS modules.  Bump __FreeBSD_version to 1300514.