[CHEF-5356-gcm] docs updated to clarify ruby 2 requirement

2 files changed, 5 insertions, 1 deletions

diff --git a/DOC_CHANGES.md b/DOC_CHANGES.md
index 0660e9a38d..db9f6143e9 100644
--- a/DOC_CHANGES.md
+++ b/DOC_CHANGES.md
@@ -99,3 +99,7 @@ knife now includes a warning in the -E/--environment option that this setting is
 
 ### New configurable option :yum-lock-timeout
 You can now set the timeout for receiving the yum lock in `config.rb` by adding `yum-lock-timeout SECONDS` (default is 30 seconds).
+
+### Encrypted Data Bags Version 3
+
+Encrypted Data Bag version 3 uses [GCM](http://en.wikipedia.org/wiki/Galois/Counter_Mode) internally. Ruby 2 and OpenSSL version 1.0.1 or higher are required to use it.
diff --git a/lib/chef/config.rb b/lib/chef/config.rb
index 788553be48..99bfe58f80 100644
--- a/lib/chef/config.rb
+++ b/lib/chef/config.rb
@@ -433,7 +433,7 @@ class Chef
     # To maintain compatibility, versions other than 1 must be opt-in.
     #
     # Set this to `2` if you have chef-client 11.6.0+ in your infrastructure.
-    # Set this to `3` if you have chef-client 11.?.0+ and OpenSSL >= 1.0.1 in your infrastructure. (TODO)
+    # Set this to `3` if you have chef-client 11.?.0+, ruby 2 and OpenSSL >= 1.0.1 in your infrastructure. (TODO)
     default :data_bag_encrypt_version, 1
 
     # When reading data bag items, any supported version is accepted. However,