diff --git a/ChangeLog.d/relaxed-psk-semantics.txt b/ChangeLog.d/relaxed-psk-semantics.txt
new file mode 100644
index 000000000..a5063c9d8
--- /dev/null
+++ b/ChangeLog.d/relaxed-psk-semantics.txt
@@ -0,0 +1,9 @@
+API changes
+    * Modify semantics of `mbedtls_ssl_conf_[opaque_]psk()`:
+      In Mbed TLS 2.X, the API prescribes that later calls overwrite
+      the effect of earlier calls, implying that there can be at most one
+      statically configured PSK. In Mbed TLS 3.X, multiple invocations of
+      `mbedtls_ssl_conf_[opaque_]psk()` can be attempted to register
+      multiple PSKs. Once an implementation-defined limit of PSKs
+      is reached, the functions ignore the request to add
+      further PSKs and fail non-fatally.