X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=NEWS.md;h=59081b0cdd47c8dd9f8fa6765e514daa8e1ccedc;hp=9f29a59323fb8e80baaa9c670f1646c2a9a13b2e;hb=278260bfa238aefef5a1abe2043d2f812c3a4bd5;hpb=be19d3caf0724b786ecc97ec4207c07cff63c745

diff --git a/NEWS.md b/NEWS.md
index 9f29a59323..59081b0cdd 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -21,6 +21,9 @@ OpenSSL 3.0
 
 ### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development] ###
 
+  * The X25519, X448, Ed25519, Ed448 and SHAKE256 algorithms are included in
+    the FIPS provider.  None have the "fips=yes" property set and, as such,
+    will not be accidentially used.
   * The algorithm specific public key command line applications have
     been deprecated.  These include dhparam, gendsa and others.  The pkey
     alternatives should be used intead: pkey, pkeyparam and genpkey.
@@ -30,6 +33,12 @@ OpenSSL 3.0
     authenticate servers or clients.
   * enable-crypto-mdebug and enable-crypto-mdebug-backtrace were mostly
     disabled; the project uses address sanitize/leak-detect instead.
+  * Added a Certificate Management Protocol (CMP, RFC 4210) implementation
+    also covering CRMF (RFC 4211) and HTTP transfer (RFC 6712).
+    It is part of the crypto lib, while a 'cmp' app using it is in preparation.
+    All widely used CMP features are supported for both clients and servers.
+  * Added a proper HTTP(S) client to libcrypto supporting GET and POST,
+    redirection, plain and ASN.1-encoded contents, proxies, and timeouts.
   * Added OSSL_SERIALIZER, a generic serializer API.
   * Added OSSL_PARAM_BLD, an easier to use API to OSSL_PARAM.
   * Added error raising macros, ERR_raise() and ERR_raise_data().