Add entry explaining DH changes

Author: peterdettman

crypto/Readme.html

@@ -296,6 +296,16 @@ <h3><a class="mozTocH3" name="mozTocId3413"></a>Notes:</h3>
 
         <h4><a class="mozTocH4" name="mozTocId85317"></a>Release 1.8.3, TBD</h4>
 
+        <h5>IMPORTANT</h5>
+        <ul>
+            <li>
+                In this release, the TLS library has moved to a whitelisting approach for client-side validation of server-presented
+                Diffie-Hellman (DH) parameters. In the default configuration, if a ciphersuite using ephemeral DH is selected by the
+                server, the client will abort the handshake if the proposed DH group is not one of those specified in RFC 3526 or RFC 7919,
+                or if the DH prime is < 2048 bits. The client therefore no longer offers DH ciphersuites by default.
+            </li>
+        </ul>
+
         <h5>Additional Features and Functionality</h5>
         <ul>
             <li>Further work has been done on improving SHA-3 performance.</li>