Changes between 1.0.1 and 1.1.0 [xx XXX xxxx]
+ *) Add protection against ECDSA timing attacks as mentioned in the paper
+ by Billy Bob Brumley and Nicola Tuveri, see:
+
+ http://eprint.iacr.org/2011/232.pdf
+
+ [Billy Bob Brumley and Nicola Tuveri]
+
+ *) Add TLS v1.2 server support for client authentication.
+ [Steve Henson]
+
+ *) Add support for FIPS mode in ssl library: disable SSLv3, non-FIPS ciphers
+ and enable MD5.
+ [Steve Henson]
+
+ *) Functions FIPS_mode_set() and FIPS_mode() which call the underlying
+ FIPS modules versions.
+ [Steve Henson]
+
+ *) Add TLS v1.2 client side support for client authentication. Keep cache
+ of handshake records longer as we don't know the hash algorithm to use
+ until after the certificate request message is received.
+ [Steve Henson]
+
+ *) Rename FIPS_mode_set and FIPS_mode to FIPS_module_mode_set and
+ FIPS_module_mode. FIPS_mode and FIPS_mode_set will be implmeneted
+ outside the validated module in the FIPS capable OpenSSL.
+ [Steve Henson]
+
+ *) Initial TLS v1.2 client support. Add a default signature algorithms
+ extension including all the algorithms we support. Parse new signature
+ format in client key exchange. Relax some ECC signing restrictions for
+ TLS v1.2 as indicated in RFC5246.
+ [Steve Henson]
+
+ *) Add server support for TLS v1.2 signature algorithms extension. Switch
+ to new signature format when needed using client digest preference.
+ All server ciphersuites should now work correctly in TLS v1.2. No client
+ support yet and no support for client certificates.
+ [Steve Henson]
+
+ *) Initial TLS v1.2 support. Add new SHA256 digest to ssl code, switch
+ to SHA256 for PRF when using TLS v1.2 and later. Add new SHA256 based
+ ciphersuites. At present only RSA key exchange ciphersuites work with
+ TLS v1.2. Add new option for TLS v1.2 replacing the old and obsolete
+ SSL_OP_PKCS1_CHECK flags with SSL_OP_NO_TLSv1_2. New TLSv1.2 methods
+ and version checking.
+ [Steve Henson]
+
*) New option OPENSSL_NO_SSL_INTERN. If an application can be compiled
with this defined it will not be affected by any changes to ssl internal
structures. Add several utility functions to allow openssl application