diff --git a/ChangeLog.d/fix_fragment_len_return.txt b/ChangeLog.d/fix_fragment_len_return.txt
deleted file mode 100644
index bfbf93cd2..000000000
--- a/ChangeLog.d/fix_fragment_len_return.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
-   * Fix the error returned when a client requests an invalid
-   * fragment length, as per RFC6066 section 4. We now return
-   * MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER, and raise the corresponding
-   * alert.
diff --git a/ChangeLog.d/fix_tls_alert_codes.txt b/ChangeLog.d/fix_tls_alert_codes.txt
new file mode 100644
index 000000000..abe3a5e6d
--- /dev/null
+++ b/ChangeLog.d/fix_tls_alert_codes.txt
@@ -0,0 +1,6 @@
+Bugfix
+   * Fix the alert raised when a client requests an invalid
+   * fragment length, as per RFC6066 section 4. We now alert with
+   * MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER. Similarly, raise
+   * MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR for an invalid finished
+   * message, as per RFC5247 section 7.2.2.