We have released LibreSSL 3.1.0, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.

This is the first development release from the 3.1.x series, which will
eventually be part of OpenBSD 6.7.  It includes the following changes:

  * Completed initial TLS 1.3 implementation with a completely new state
    machine and record layer. TLS 1.3 is now enabled by default for the
    client side, with the server side to be enabled in a future release.
    Note that the OpenSSL TLS 1.3 API is not yet visible/available.

  * Many more code cleanups, fixes, and improvements to memory handling
    and protocol parsing.

  * Added RSA-PSS and RSA-OAEP methods from OpenSSL 1.1.1.

  * Ported Cryptographic Message Syntax (CMS) implementation from OpenSSL
    1.1.1 and enabled by default.

  * Improved compatibility by backporting functionality and documentation
    from OpenSSL 1.1.1.

  * Added many new additional crypto test vectors.

  * Adjusted EVP_chacha20()'s behavior to match OpenSSL's semantics.

  * Default CA bundle location is now configurable in portable builds.

  * Added cms subcommand to openssl(1).

  * Added -addext option to openssl(1) req subcommand.

The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.