diff --git a/ChangeLog.d/enable_opaque_ECJPAKE_key_exchange.txt b/ChangeLog.d/enable_opaque_ECJPAKE_key_exchange.txt
new file mode 100644
index 000000000..aa1332f5b
--- /dev/null
+++ b/ChangeLog.d/enable_opaque_ECJPAKE_key_exchange.txt
@@ -0,0 +1,4 @@
+Features
+   * It is now possible to use a PSA-held (opaque) password with the TLS 1.2
+     ECJPAKE key exchange, using the new API function
+     mbedtls_ssl_set_hs_ecjpake_password_opaque().