Version 1.11.0, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ In this release, many new features of C++11 are being used in the library. Currently GCC 4.7 and Clang 3.1 are known to work. This version of the library cannot be compiled by or used with a C++98 compiler. There have been many changes and improvements to :doc:`TLS <../tls>`. The interface is now purely event driven and does not directly interact with sockets. New TLS features include TLS v1.2 support, client certificate authentication, renegotiation, session tickets, and session resumption. Session information can be saved in memory or to an encrypted SQLite3 database. Newly supported TLS ciphersuite algorithms include using SHA-2 for message authentication, pre shared keys and SRP for authentication and key exchange, ECC algorithms for key exchange and signatures, and anonymous DH/ECDH key exchange. Support for :doc:`OCSP <../ocsp>` has been added. Currently only client-side support exists. The API for X.509 path validation has changed, with ``x509_path_validate`` in x509path.h now handles path validation and ``Certificate_Store`` handles storage of certificates and CRLs. The memory container types have changed substantially. The MemoryVector and SecureVector container types have been removed, and an alias of std::vector using an allocator that clears memory named secure_vector is used for key material, with std::vector being used for everything else. The technique used for mlock'ing memory on Linux and BSD systems is much improved. Now a single page-aligned block of memory (the exact limit of what we can mlock) is mmap'ed, with allocations being done using a best-fit allocator and all metadata held outside the mmap'ed range, in an effort to make best use of the very limited amount of memory current Linux kernels allow unpriveledged users to lock. :rfc:`5915` adds some extended information which can be included in ECC private keys which the ECC key decoder did not expect, causing an exception when such a key was loaded. In particular, recent versions of OpenSSL use these fields. Now these fields are decoded properly, and if the public key value is included it is used, as otherwise the public key needs to be rederived from the private key. However the library does not include these fields on encoding keys for compatability with software that does not expect them (including older versions of botan).