diff --git a/ChangeLog b/ChangeLog
index 767764f6e..56187899a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 PolarSSL ChangeLog
 
+= Branch 1.1
+Changes
+ * HAVEGE random generator disabled by default
+
 = Version 1.1.6 released on 2013-03-11
 Bugfix
 * Fixed net_bind() for specified IP addresses on little endian systems
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 3f539fe07..887e0fafb 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -452,14 +452,23 @@
 *
 * Enable the HAVEGE random generator.
 *
+ * Warning: the HAVEGE random generator is not suitable for virtualized
+ * environments
+ *
+ * Warning: the HAVEGE random generator is dependent on timing and specific
+ * processor traits. It is therefore not advised to use HAVEGE as
+ * your applications primary random generator or primary entropy pool
+ * input. As a secondary input to your entropy pool, it IS able add
+ * the (limited) extra entropy it provides.
+ *
 * Module: library/havege.c
 * Caller:
 *
 * Requires: POLARSSL_TIMING_C
 *
- * This module enables the HAVEGE random number generator.
- */
+ * Uncomment to enable the HAVEGE random generator.
 #define POLARSSL_HAVEGE_C
+ */
 
 /**
 * \def POLARSSL_MD_C
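Review bot: The new warnings in the POLARSSL_HAVEGE_C comment tell the reader not to use HAVEGE as the primary generator, but they name no alternative and give no reason for the virtualized-environment caveat. I would add a line such as ` * Use a DRBG seeded from the entropy accumulator as the primary generator.`, and tie the first warning to the second, since the timing dependence is presumably why virtualized hosts are a problem. Two wording fixes in the added text: `your application's primary random generator` and `it IS able to add`. Because this flips a default, code that calls the HAVEGE API against an unedited config.h will presumably stop building, so the ChangeLog entry could mention that POLARSSL_HAVEGE_C must now be enabled explicitly. The comment block opens before the hunk, so its `\def` line is not visible here.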