diff --git a/docs/releasenotes.rst b/docs/releasenotes.rst
index 34dc23c99a7fc7d6b201350f69d7e3cdc378496a..3a3e30dcf3c03073846ed9553147d39ebce6e6d5 100644
--- a/docs/releasenotes.rst
+++ b/docs/releasenotes.rst
@@ -64,6 +64,17 @@ Breaking changes:
     ciphers. This could introduce incompatibility with older
     clients/servers trying to connect to the XMPP server.
 
+  * TLS hardening is now applied to the *c2s* (client) connections on
+    both the standard (``5222``) and legacy (``5223``) ports. Protocol
+    version and ciphers are configurable via new
+    ``xmpp_server_tls_protocol`` and ``xmpp_server_tls_ciphers``
+    parameters with defaults enforcing TLSv1.2+ and PFS (perfect
+    forward secrecy) ciphers.
+
+  * Support for older Prosody versions (``0.9.x``) has been
+    dropped. Only Prosody ``0.10.x`` is supported at the moment (due
+    to missing Lua LDAP bindings in Debian 9 Stretch).
+
 Bug fixes:
 
 * ``common`` role