We have released LibreSSL 3.1.0, which will be arriving in the LibreSSL directory of your local OpenBSD mirror soon. This is the first development release from the 3.1.x series, which will eventually be part of OpenBSD 6.7. It includes the following changes: * Completed initial TLS 1.3 implementation with a completely new state machine and record layer. TLS 1.3 is now enabled by default for the client side, with the server side to be enabled in a future release. Note that the OpenSSL TLS 1.3 API is not yet visible/available. * Many more code cleanups, fixes, and improvements to memory handling and protocol parsing. * Added RSA-PSS and RSA-OAEP methods from OpenSSL 1.1.1. * Ported Cryptographic Message Syntax (CMS) implementation from OpenSSL 1.1.1 and enabled by default. * Improved compatibility by backporting functionality and documentation from OpenSSL 1.1.1. * Added many new additional crypto test vectors. * Adjusted EVP_chacha20()'s behavior to match OpenSSL's semantics. * Default CA bundle location is now configurable in portable builds. * Added cms subcommand to openssl(1). * Added -addext option to openssl(1) req subcommand. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.