diff --git a/ChangeLog b/ChangeLog index ce8f1d9aa..53a6095f2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,9 @@ PolarSSL ChangeLog = Branch 1.2 +Change + * HAVEGE random generator disabled by default + Bugfix * Secure renegotiation extension should only be sent in case client supports secure renegotiation diff --git a/include/polarssl/config.h b/include/polarssl/config.h index b69bd8ced..145b99bc1 100644 --- a/include/polarssl/config.h +++ b/include/polarssl/config.h @@ -583,14 +583,23 @@ * * Enable the HAVEGE random generator. * + * Warning: the HAVEGE random generator is not suitable for virtualized + * environments + * + * Warning: the HAVEGE random generator is dependent on timing and specific + * processor traits. It is therefore not advised to use HAVEGE as + * your applications primary random generator or primary entropy pool + * input. As a secondary input to your entropy pool, it IS able add + * the (limited) extra entropy it provides. + * * Module: library/havege.c * Caller: * * Requires: POLARSSL_TIMING_C * - * This module enables the HAVEGE random number generator. - */ + * Uncomment to enable the HAVEGE random generator. #define POLARSSL_HAVEGE_C + */ /** * \def POLARSSL_MD_C
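Review bot: The two warnings added to the POLARSSL_HAVEGE_C comment in include/polarssl/config.h tell the reader not to rely on HAVEGE but not what to use instead, and the second has two wording slips (`your applications primary`, `it IS able add`). I would reword those as `your application's primary random generator` and `it IS able to add the (limited) extra entropy it provides`, and add one line such as `Use CTR_DRBG seeded from the entropy pool (POLARSSL_CTR_DRBG_C, POLARSSL_ENTROPY_C) as the primary generator.` The virtualization warning would be easier to act on if it gave its reason, presumably that the timing source HAVEGE depends on is unreliable under a hypervisor. Because the `#define` now sits inside the comment, any code that calls the HAVEGE functions without an `#if defined(POLARSSL_HAVEGE_C)` guard would stop building against the default config. That cannot be checked from this hunk, and the comment block it edits starts above the hunk.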