More updates to CHANGES and NEWS for the 1.1.1 release

 Changes between 1.1.0i and 1.1.1 [xx XXX xxxx]

 Changes between 1.1.0i and 1.1.1 [xx XXX xxxx]

  *) Add a new ClientHello callback. Provides a callback interface that gives

     the application the ability to adjust the nascent SSL object at the

     earliest stage of ClientHello processing, immediately after extensions have

     been collected but before they have been processed. In particular, this

     callback can adjust the supported TLS versions in response to the contents

     of the ClientHello

     [Benjamin Kaduk]

  *) Add SM2 base algorithm support.

  *) Add SM2 base algorithm support.

     [Jack Lloyd]

     [Jack Lloyd]

  Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [in pre-release]

  Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [in pre-release]

      o Support for TLSv1.3 added

      o Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3

        for further important information). The TLSv1.3 implementation includes:

          o Fully compliant implementation of RFC8446 (TLSv1.3) on by default

          o Early data (0-RTT)

          o Post-handshake authentication and key update

          o Middlebox Compatibility Mode

          o TLSv1.3 PSKs

          o Support for all five RFC8446 ciphersuites

          o RSA-PSS signature algorithms (backported to TLSv1.2)

          o Configurable session ticket support

          o Stateless server support

          o Rewrite of the packet construction code for "safer" packet handling

          o Rewrite of the extension handling code

      o Complete rewrite of the OpenSSL random number generator to introduce the

      o Complete rewrite of the OpenSSL random number generator to introduce the

        following capabilities

        following capabilities

          o The default RAND method now utilizes an AES-CTR DRBG according to

          o The default RAND method now utilizes an AES-CTR DRBG according to

      o Support for various new cryptographic algorithms including:

      o Support for various new cryptographic algorithms including:

          o SHA3

          o SHA3

          o SHA512/224 and SHA512/256

          o SHA512/224 and SHA512/256

          o EdDSA (including Ed25519 and Ed448)

          o EdDSA (both Ed25519 and Ed448) including X509 and TLS support

          o X448 (adding to the existing X25519 support in 1.1.0)

          o X448 (adding to the existing X25519 support in 1.1.0)

          o Multi-prime RSA

          o Multi-prime RSA

          o SM2

          o SM2

          o SipHash

          o SipHash

          o ARIA (including TLS support)

          o ARIA (including TLS support)

      o Significant Side-Channel attack security improvements

      o Significant Side-Channel attack security improvements

      o Add a new ClientHello callback to provide the ability to adjust the SSL

        object at an early stage.

      o Add 'Maximum Fragment Length' TLS extension negotiation and support

      o Add 'Maximum Fragment Length' TLS extension negotiation and support

      o A new STORE module, which implements a uniform and URI based reader of

      o A new STORE module, which implements a uniform and URI based reader of

        stores that can contain keys, certificates, CRLs and numerous other

        stores that can contain keys, certificates, CRLs and numerous other