===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/67.html,v
retrieving revision 1.33
retrieving revision 1.34
diff -c -r1.33 -r1.34
*** www/67.html	2020/05/07 03:39:46	1.33
--- www/67.html	2020/05/07 04:33:10	1.34
***************
*** 1133,1217 ****
    </ul>
  
  <li>LibreSSL 3.1.1
      <ul>
! 	  <li> Completed initial TLS 1.3 implementation with a completely new state
  	    machine and record layer. TLS 1.3 is now enabled by default for the
  	    client side, with the server side to be enabled in a future release.
  	    Note that the OpenSSL TLS 1.3 API is not yet visible/available.
! 	    
! 	  <li> Many more code cleanups, fixes, and improvements to memory handling
! 	    and protocol parsing.
! 	    
! 	  <li> Added RSA-PSS and RSA-OAEP methods from OpenSSL 1.1.1.
! 	    
! 	  <li> Ported Cryptographic Message Syntax (CMS) implementation from OpenSSL
  	    1.1.1 and enabled by default.
! 	    
! 	  <li> Improved compatibility by backporting functionality and documentation
! 	    from OpenSSL 1.1.1.
! 	    
! 	  <li> Added many new additional crypto test vectors.
! 	    
! 	  <li> Adjusted EVP_chacha20()'s behavior to match OpenSSL's semantics.
! 	    
! 	  <li> Default CA bundle location is now configurable in portable builds.
! 	    
! 	  <li> Added cms subcommand to openssl(1).
! 	    
! 	  <li> Added -addext option to openssl(1) req subcommand.
! 
! 	  <li> Improved SSL_CTX_set_cipher_list(3) and SSL_set_cipher_list(3) to
!           include TLSv1.3 cipher suites even if cipher string does not
!           indicate it.
! 
! 	  <li> Improved to handle TLSv1.3 HelloRetryRequest.
! 
! 	  <li> Provided TLSv1.3 cipher suite aliases to match the names used
!           in RFC 8446.
! 
! 	  <li> Improved to allow using any of the groups in our NID list to
!           generate a client key share.
! 
! 	  <li> Fixed printing the serialNumber with X509_print_ex() fall back to
!           the colon separated hex bytes in case greater than int value.
! 
! 	  <li> Fixed to disallow setting the AES-GCM IV length to zero.
! 
! 	  <li> Added -groups option to openssl(1) s_server subcommand.
! 
! 	  <li> Fixed to show TLSv1.3 extension type with openssl(1) -tlsextdebug.
! 
! 	  <li> Improved portable builds to support for use of static MSVC runtimes.
! 	  <li> Fixed portable builds to avoid exporting a sleep() symbol.
! 
!     <li>API and Documentation Enhancements
!     <ul>
!       <li>...
      </ul>
  
      <li>Compatibility Changes
      <ul>
!       <li>...
      </ul>
  
      <li>Testing and Proactive Security
      <ul>
!       <li>...
      </ul>
  
      <li>Internal Improvements
        <ul>
!       <li>...
        </ul>
  
      <li>Portable Improvements
      <ul>
!       <li>...
      </ul>
  
      <li>Bug Fixes
      <ul>
!       <li>...
      </ul>
    </ul>
  
--- 1133,1192 ----
    </ul>
  
  <li>LibreSSL 3.1.1
+   <ul>
+     <li>API and Documentation Enhancements
      <ul>
! 	<li>Completed initial TLS 1.3 implementation with a completely new state
  	    machine and record layer. TLS 1.3 is now enabled by default for the
  	    client side, with the server side to be enabled in a future release.
  	    Note that the OpenSSL TLS 1.3 API is not yet visible/available.
! 	<li>Improved SSL_CTX_set_cipher_list(3) and SSL_set_cipher_list(3) to
! 	    include TLSv1.3 cipher suites even if cipher string does not
! 	    indicate it.
! 	<li>Improved to handle TLSv1.3 HelloRetryRequest.
! 	<li>Provided TLSv1.3 cipher suite aliases to match the names used
! 	    in RFC 8446.
! 	<li>Improved to allow using any of the groups in our NID list to
! 	    generate a client key share.
! 	<li>Added RSA-PSS and RSA-OAEP methods from OpenSSL 1.1.1.
! 	<li>Ported Cryptographic Message Syntax (CMS) implementation from OpenSSL
  	    1.1.1 and enabled by default.
! 	<li>Added cms subcommand to openssl(1).
! 	<li>Added -addext option to openssl(1) req subcommand.
! 	<li>Added -groups option to openssl(1) s_server subcommand.
! 	<li>Fixed to show TLSv1.3 extension type with openssl(1) -tlsextdebug.
      </ul>
  
      <li>Compatibility Changes
      <ul>
! 	<li>Improved compatibility by backporting functionality and documentation
! 	    from OpenSSL 1.1.1.
! 	<li>Adjusted EVP_chacha20()'s behavior to match OpenSSL's semantics.
      </ul>
  
      <li>Testing and Proactive Security
      <ul>
! 	<li>Added many new additional crypto test vectors.
! 	<li>Fixed to disallow setting the AES-GCM IV length to zero.
      </ul>
  
      <li>Internal Improvements
        <ul>
! 	<li>Many more code cleanups, fixes, and improvements to memory handling
! 	    and protocol parsing.
        </ul>
  
      <li>Portable Improvements
      <ul>
! 	<li>Default CA bundle location is now configurable in portable builds.
! 	<li>Improved portable builds to support for use of static MSVC runtimes.
! 	<li>Fixed portable builds to avoid exporting a sleep() symbol.
      </ul>
  
      <li>Bug Fixes
      <ul>
! 	<li>Fixed printing the serialNumber with X509_print_ex() fall back to
! 	    the colon separated hex bytes in case greater than int value.
      </ul>
    </ul>