diff --git a/ChangeLog.d/fix-rsa-pss-rsae-compitable-issue.txt b/ChangeLog.d/fix-rsa-pss-rsae-compitable-issue.txt new file mode 100644 index 000000000..d588cbd05 --- /dev/null +++ b/ChangeLog.d/fix-rsa-pss-rsae-compitable-issue.txt @@ -0,0 +1,7 @@ +Bugfix + * When GnuTLS/Openssl server is configured in TLS 1.2 mode with a certificate + declaring an RSA public key and Mbed TLS is configured in hybrid mode, if + `rsa_pss_rsae_*` algorithms are before `rsa_pkcs1_*` ones in this list then + the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm + for its signature in the key exchange message. As Mbed TLS 1.2 does not + support them, the handshake fails.
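
Review bot: The fourth added line says "in this list" without the entry ever naming a list, so a reader cannot tell which setting triggers the failure; name it explicitly (presumably the signature algorithm list that Mbed TLS offers to the server, but the entry should say so). The entry also stops at "the handshake fails" and never states what the fix changes, so add a closing sentence describing how Mbed TLS behaves now. Smaller points: "Openssl" should be "OpenSSL", "Mbed TLS 1.2" reads like a library version rather than the TLS 1.2 implementation in Mbed TLS, and the file name spells "compitable" for "compatible".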