solar eclipse - special edition release

• client authentication (both client and server side)
• server side SNI configuration (see sni.md)
• SCSV server-side downgrade prevention (contributed by Gabriel de Perthuis @g2p #5)
• remove RC4 ciphers from default config #8
• support for AEAD ciphers, currently CCM #191
• proper bounds checking of handshake fragments #255
• disable application data between CCS and Finished #237
• remove secure renegotiation configuration option #256
• expose epoch in mirage interface, implement 2.3.0 API (error_message)
• error reporting (type failure in engine.mli) #246
• hook into Lwt event loop to feed RNG #254

A New Dawn - After Solstice

• X509_lwt provides Fingerprints and Hex_fingerprints constructor for checking fingerprints of certificates instead of trusting trust anchors
• client configuration requires an authenticator
• server certificate must be at least Config.min_rsa_key_size bits
• expose epoch via lwt interface
• mirage-2.2.0 compatibility
• cleanups of mirage interface
• nocrypto-0.3.0 compatibility

pre halloween special

• expose trust anchor when authenticating the certificate (requires x509 >= 0.2)
• information about the active session is exposed via epoch : state -> epoch
• distinguish between supported ciphersuites (type ciphersuite) and
  known ciphersuites (type any_ciphersuite)
• distinguish between supported versions by the stack (type tls_version)
  and readable versions (tls_any_version), which might occur in a tls
  record or client_hello read from the network
• support > TLS-1.2 client hellos (as reported by ssllabs.com)
• support iOS 6 devices (who propose NULL ciphers - reported in #160)
• send minimal protocol version in record layer of client hello
  (maximum version is in the client hello itself) (RFC5246, E.1)

Initial release

0.1.0

ignore *.docdir