### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
+ * Remove the RAND_DRBG API
+
+ The RAND_DRBG API did not fit well into the new provider concept as
+ implemented by EVP_RAND and EVP_RAND_CTX. The main reason is that the
+ RAND_DRBG API is a mixture of 'front end' and 'back end' API calls
+ and some of its API calls are rather low-level. This holds in particular
+ for the callback mechanism (RAND_DRBG_set_callbacks()).
+
+ Adding a compatibility layer to continue supporting the RAND_DRBG API as
+ a legacy API for a regular deprecation period turned out to come at the
+ price of complicating the new provider API unnecessarily. Since the
+ RAND_DRBG API exists only since version 1.1.1, it was decided by the OMC
+ to drop it entirely.
+
+ *Paul Dale and Matthias St. Pierre*
+
+ * Allow SSL_set1_host() and SSL_add1_host() to take IP literal addresses
+ as well as actual hostnames.
+
+ *David Woodhouse*
+
* The 'MinProtocol' and 'MaxProtocol' configuration commands now silently
ignore TLS protocol version bounds when configuring DTLS-based contexts, and
conversely, silently ignore DTLS protocol version bounds when configuring
*Martin Elshuber*
+ * `PKCS12_parse` now maintains the order of the parsed certificates
+ when outputting them via `*ca` (rather than reversing it).
+
+ *David von Oheimb*
+
OpenSSL 1.1.1
-------------