diff --git a/ChangeLog b/ChangeLog index f0f0adcc2..2b51621d6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,11 @@ Bugfix * Reduce stack usage of `mpi_write_hlp()` by eliminating recursion. Fixes #2190. +Features + * Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites + from the default list (enabled by default). See + https://sweet32.info/SWEET32_CCS16.pdf. + Changes * Include configuration file in all header files that use configuration, instead of relying on other header files that they include. @@ -23,10 +28,6 @@ Changes by Aurelien Jarno and submitted by Jeffrey Martin. * Ciphersuites based on 3DES now have the lowest priority by default. -Features - * Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites - from the default list (inactive by default). - = mbed TLS 2.7.9 branch released 2018-12-21 Bugfix diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 113e1d18d..5b176caa6 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -565,6 +565,13 @@ * to enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including * them explicitly. * + * A man-in-the browser attacker can recover authentication tokens sent through + * a TLS connection using a 3DES based cipher suite (see "On the Practical + * (In-)Security of 64-bit Block Ciphers" by Karthikeyan Bhargavan and Gaƫtan + * Leurent, see https://sweet32.info/SWEET32_CCS16.pdf). If this attack falls + * in your threat model or you are unsure, then you should keep this option + * enabled to remove 3DES based cipher suites. + * * Comment this macro to keep 3DES in the default ciphersuite list. */ #define MBEDTLS_REMOVE_3DES_CIPHERSUITES
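Review bot: in the first ChangeLog hunk the new Features entry says the option is "enabled by default", which is the opposite of the entry it replaces lower down ("inactive by default"); that wording matches the config.h hunk, where `#define MBEDTLS_REMOVE_3DES_CIPHERSUITES` is left active, but the neighbouring Changes entry "Ciphersuites based on 3DES now have the lowest priority by default" is now only meaningful when the option is disabled, so state that qualification in one of the two entries so readers are not left wondering whether 3DES suites are removed or merely deprioritised.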
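Review bot: in the config.h hunk the new comment has a hyphenation slip ("man-in-the browser" should be "man-in-the-browser"), a mis-encoded character in the second author's name ("Gaƫtan" should be "Gaëtan"; check that the header's encoding is consistent with the rest of the file, or spell the name in ASCII), and a doubled citation ("see ... see"). Since this hunk flips a default that changes the ciphersuite list offered to peers, it would also help to say plainly that a peer offering only 3DES suites will fail the handshake unless the application re-adds them with mbedtls_ssl_conf_ciphersuites(), which the preceding context lines already describe as the opt-in path.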