+ *) TLSv1.3 replay protection for early data has been implemented. See the
+ SSL_read_early_data() man page for further details.
+ [Matt Caswell]
+
+ *) Separated TLSv1.3 ciphersuite configuration out from TLSv1.2 ciphersuite
+ configuration. TLSv1.3 ciphersuites are not compatible with TLSv1.2 and
+ below. Similarly TLSv1.2 ciphersuites are not compatible with TLSv1.3.
+ In order to avoid issues where legacy TLSv1.2 ciphersuite configuration
+ would otherwise inadvertently disable all TLSv1.3 ciphersuites the
+ configuraton has been separated out. See the ciphers man page or the
+ SSL_CTX_set_ciphersuites() man page for more information.
+ [Matt Caswell]
+
+ *) On POSIX (BSD, Linux, ...) systems the ocsp(1) command running
+ in responder mode now supports the new "-multi" option, which
+ spawns the specified number of child processes to handle OCSP
+ requests. The "-timeout" option now also limits the OCSP
+ responder's patience to wait to receive the full client request
+ on a newly accepted connection. Child processes are respawned
+ as needed, and the CA index file is automatically reloaded
+ when changed. This makes it possible to run the "ocsp" responder
+ as a long-running service, making the OpenSSL CA somewhat more
+ feature-complete. In this mode, most diagnostic messages logged
+ after entering the event loop are logged via syslog(3) rather than
+ written to stderr.
+ [Viktor Dukhovni]
+
+ *) Added support for X448 and Ed448. Heavily based on original work by
+ Mike Hamburg.