diff --git a/ChangeLog.d/verify-result-default-value.txt b/ChangeLog.d/verify-result-default-value.txt
index d85dfe2670..2cf3f0c21b 100644
--- a/ChangeLog.d/verify-result-default-value.txt
+++ b/ChangeLog.d/verify-result-default-value.txt
@@ -1,5 +1,5 @@
 Changes
    * Harden mbedtls_ssl_get_verify_result() against misuse.
-     Return failure if the handshake has not yet been attempted. Previously
-     the result of verification was zero-initialized so the function would
-     return 0 (indicating success).
+     If the handshake has not yet been attempted, return -1u to indicate
+     that the result is not available. Previously the result of verification
+     was zero-initialized so the function would return 0 (indicating success).