aboutsummaryrefslogtreecommitdiffstats
path: root/doc/relnotes/1_11_0.rst
diff options
context:
space:
mode:
Diffstat (limited to 'doc/relnotes/1_11_0.rst')
-rw-r--r--doc/relnotes/1_11_0.rst38
1 files changed, 38 insertions, 0 deletions
diff --git a/doc/relnotes/1_11_0.rst b/doc/relnotes/1_11_0.rst
new file mode 100644
index 000000000..d8bc5515c
--- /dev/null
+++ b/doc/relnotes/1_11_0.rst
@@ -0,0 +1,38 @@
+Version 1.11.0, Not Yet Released
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+In this release, many new features of C++11 are being used in the
+library. Currently GCC 4.7 and Clang 3.1 are known to work. This
+version of the library cannot be compiled by or used with a C++98
+compiler.
+
+There have been many changes and improvements to :doc:`TLS
+<../tls>`. The interface is now purely event driven and does not
+directly interact with sockets. New TLS features include TLS v1.2
+support, client certificate authentication, renegotiation, session
+tickets, and session resumption. Session information can be saved in
+memory or to an encrypted SQLite3 database. Newly supported TLS
+ciphersuite algorithms include using SHA-2 for message authentication,
+pre shared keys and SRP for authentication and key exchange, ECC
+algorithms for key exchange and signatures, and anonymous DH/ECDH key
+exchange.
+
+Support for :doc:`OCSP <../ocsp>` has been added. Currently only
+client-side support exists.
+
+The API for X.509 path validation has changed, with
+``x509_path_validate`` in x509path.h now handles path validation and
+``Certificate_Store`` handles storage of certificates and CRLs.
+
+The memory container types have changed substantially. The
+MemoryVector and SecureVector container types have been removed, and
+an alias of std::vector using an allocator that clears memory named
+secure_vector is used for key material, with std::vector being used
+for everything else.
+
+The technique used for mlock'ing memory on Linux and BSD systems is
+much improved. Now a single page-aligned block of memory (the exact
+limit of what we can mlock) is mmap'ed, with allocations being done
+using a best-fit allocator and all metadata held outside the mmap'ed
+range, in an effort to make best use of the very limited amount of
+memory current Linux kernels allow unpriveledged users to lock.
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-13 10:14:21 +0000