Version 1.11.4, 2013-07-25
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* CPU specific extensions are now always compiled if support for the
  operations is available at build time, and flags enabling use of
  extra operations (such as SSE2) are only included when compiling
  files which specifically request support. This means, for instance,
  that the SSSE3 and AES-NI implementations of AES are always included
  in x86 builds, relying on runtime cpuid checking to prevent their
  use on CPUs that do not support those operations.

* The default TLS policy now only accepts TLS, to minimize surprise
  for servers which might not expect to negotiate DTLS. Previously a
  server would by default negotiate either protocol type (clients
  would only accept the same protocol type as they
  offered). Applications which use DTLS or combined TLS/DTLS need to
  override :cpp:func:`Policy::acceptable_protocol_version`.

* The TLS channels now accept a new parameter specifying how many
  bytes to preallocate for the record handling buffers, which allows
  an application some control over how much memory is used at runtime
  for a particular connection.

* Applications can now send arbitrary TLS alert messages using
  :cpp:func:`TLS::Channel::send_alert`

* A new TLS policy :cpp:class:`NSA_Suite_B_128` is available, which
  will negotiate only the 128-bit security NSA Suite B. See
  :rfc:`6460` for more information about Suite B.

* Adds a new interface for benchmarking, :cpp:func:`time_algorithm_ops`,
  which returns a map of operations to operations per second. For
  instance now both encrypt and decrypt speed of a block cipher can be
  checked, as well as the key schedule of all keyed algorithms. It
  additionally supports AEAD modes.

* Rename ARC4 to RC4