We have released LibreSSL 2.5.0, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. It includes the following
changes:

  * libtls now supports ALPN and SNI

  * libtls adds a new callback interface for integrating custom IO
    functions. Thanks to Tobias Pape.

  * libtls now handles 4 cipher suite groups:
      "secure" (TLSv1.2+AEAD+PFS)
      "compat" (HIGH:!aNULL)
      "legacy" (HIGH:MEDIUM:!aNULL)
      "insecure" (ALL:!aNULL:!eNULL)

      This allows for flexibility and finer grained control, rather than
      having two extremes (an issue raised by Marko Kreen some time ago).

  * Tightened error handling for tls_config_set_ciphers().

  * libtls now always loads CA, key and certificate files at the time the
    configuration function is called. This simplifies code and results in
    a single memory based code path being used to provide data to libssl.

  * Add support for OCSP intermediate certificates.

  * Added functions used by stunnel and exim from BoringSSL - this
    brings in X509_check_host, X509_check_email, X509_check_ip, and
    X509_check_ip_asc.

  * Added initial support for iOS, thanks to Jacob Berkman.

  * Improved behavior of arc4random on Windows when using memory leak
    analysis software.

  * Correctly handle an EOF that occurs prior to the TLS handshake
    completing. Reported by Vasily Kolobkov, based on a diff from Marko
    Kreen.

  * Limit the support of the "backward compatible" ssl2 handshake to
    only be used if TLS 1.0 is enabled.

  * Fix incorrect results in certain cases on 64-bit systems when
    BN_mod_word() can return incorrect results. BN_mod_word() now can
    return an error condition. Thanks to Brian Smith.

  * Added constant-time updates to address CVE-2016-0702

  * Fixed undefined behavior in BN_GF2m_mod_arr()

  * Removed unused Cryptographic Message Support (CMS)

  * More conversions of long long idioms to time_t

  * Improved compatibility by avoiding printing NULL strings with
    printf.

  * Reverted change that cleans up the EVP cipher context in
    EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the
    previous behaviour.

  * Avoid unbounded memory growth in libssl, which can be triggered by a
    TLS client repeatedly renegotiating and sending OCSP Status Request
    TLS extensions.

  * Avoid falling back to a weak digest for (EC)DH when using SNI with
    libssl.

The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.