• Net::SSLeay::read() and SSL_peek() now check SSL_get_error()
  for SSL_ERROR_ZERO_RETURN for return values <= 0 to make
  Net::SSLeay::read() behave more like underlying OpenSSL
  function SSL_read().
  Convenience function ssl_read_all() now does an automatic
  retry when ERROR_WANT_READ or ERROR_WANT_WRITE is returned
  with Net::SSLeay::read().
  Convenience function ssl_read_until() now uses
  Net::SSLeay::ssl_read_all() instead of
  Net::SSLeay::read(). Tests 07_sslecho.t and 36_verify.t were
  also updated to use ssl_read_all() and ssl_write_all(). The
  tests now also disable TLSv1.3 session tickets and ignore
  SIGPIPE to avoid this signal when the client has finished
  before server has sent session tickets and called
  Net::SSLeay::accept().
  Thanks to Petr Pisar and Sebastian Andrzej Siewior for the
  patches (in #RT125218).
  
• Fix a memory leak in cb_data_advanced_put. Fixes
  RT#127131. Noticed, investigated and patched by Paul
  Evans. Thanks!
  
• Enable OpenSSL 1.1.1-pre9 with Travis CI.
  
• Add SSL_CTX_set_num_tickets, SSL_CTX_get_num_tickets,
  SSL_set_num_ticket and SSL_get_num_tickets for controlling
  the number of TLSv1.3 session tickets that are issued. Add
  tests in 44_sess.t. Parts taken from a larger patch by Petr
  Pisar of RedHat.
  
• Add SSL_CTX_set_ciphersuites and SSL_set_ciphersuites for
  configuring the available TLSv1.3 ciphersuites. Add tests in
  43_misc_functions.t and clarify SSL_client_version tests.
  
• Add SSL_CTX_set_security_level, SSL_CTX_get_security_level,
  SSL_set_security_level and SSL_get_security_level.
  Add new test file 65_security_level.t.
  All courtesy of Damyan Ivanov of Debian project.
  
• Fix export_keying_material return value check and context
  handling. SSL_export_keying_material use_context is now
  correctly set to non-zero value when context is an empty
  string. This affects values exported with TLSv1.2 and earlier.
  Update documentation in NetSSLeay.pod and add tests
  in t/local/45_export.t.
  
• Add RAND_priv_bytes. Add new test file t/local/10_rand.t for
  RAND_bytes, RAND_pseudo_bytes, RAND_priv_bytes, RAND_status,
  RAND_poll, RAND_file_name and RAND_load_file.
  
• Update documentation for RAND_*bytes return values and
  RAND_file_name behaviour with LibreSSL.
  
• Add SSL_SESSION_is_resumable. Add and update tests in 44_sess.t.
  
• Set OpenSSL security level to 1 in tests that use the test suite's
  (1024-bit) RSA keys, which allows the test suite to pass when
  Net-SSLeay is built against an OpenSSL with a higher default
  security level. Fixes RT#126987. Thanks to Petr Pisar (in
  RT#126270) and Damyan Ivanov (in RT#126987) for the reports and
  patches, and to Damyan Ivanov for the preferred patch.
  
• Add SSL_CTX_sess_set_new_cb and SSL_CTX_sess_set_remove_cb.
  Add new test file 44_sess.t for these and future session
  related tests for which no specific test file is needed.
  
• Add SSL_get_version, SSL_client_version and SSL_is_dtls.
  
• Add SSL_peek_ex, SSL_read_ex, SSL_write_ex and SSL_has_pending.
  Add tests in t/local/11_read.t
  
• Add SSL_CTX_set_post_handshake_auth contributed by Paul
  Howarth. Add SSL_set_post_handshake_auth,
  SSL_verify_client_post_handshake and constant
  SSL_VERIFY_POST_HANDSHAKE.
  
• Applied a patch to set_cert_and_key() from Damyan Ivanov,
  Debian Perl Group. This function now returns errors from
  library's error stack only when an underlying routine
  fails. Unrelated errors are now skipped. Fixes RT#126988.
  
• Add support for TLSv1.3 via $Net::SSLeay::ssl_version.
  
• Enhance t/local/43_misc_functions.t get_keyblock_size test
  to work better with AEAD ciphers.
  
• Add constants SSL_OP_ENABLE_MIDDLEBOX_COMPAT and
  SSL_OP_NO_ANTI_REPLAY for TLSv1.3
  
• Fix compile time DEFINE=-DSHOW_XS_DEBUG to work with
  non-threaded Perls. Fixes RT#127027. Thanks to SREZIC for
  the report. Also fix other minor compile warnings.