Major changes between OpenSSL 1.1.1 and OpenSSL 3.0.0 [under development]
+ o The algorithm specific public key command line applications have
+ been deprecated. These include dhparam, gendsa and others. The pkey
+ alternatives should be used intead: pkey, pkeyparam and genpkey.
+ o X509 certificates signed using SHA1 are no longer allowed at security
+ level 1 or higher. The default security level for TLS is 1, so
+ certificates signed using SHA1 are by default no longer trusted to
+ authenticate servers or clients.
+ o enable-crypto-mdebug and enable-crypto-mdebug-backtrace were mostly
+ disabled; the project uses address sanitize/leak-detect instead.
o Added OSSL_SERIALIZER, a generic serializer API.
o Added error raising macros, ERR_raise() and ERR_raise_data().
o Deprecated ERR_put_error().
o Removed the heartbeat message in DTLS feature.
o Added EVP_KDF, an EVP layer KDF API, and a generic EVP_PKEY to EVP_KDF
bridge.
+ o All of the low level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224,
+ SHA256, SHA384, SHA512 and Whirlpool digest functions have been
+ deprecated.
+ o All of the low level AES, Blowfish, Camellia, CAST, DES, IDEA, RC2,
+ RC4, RC5 and SEED cipher functions have been deprecated.
+ o All of the low level DH, DSA, ECDH, ECDSA and RSA public key functions
+ have been deprecated.
Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018]