First release, based on OpenSSL 4.0.0

Changes from YuOpenSSL-3.6:

New Features:

• Support for Encrypted Client Hello (ECH, RFC 9849).
• Support for RFC 8998, signature algorithm sm2sig_sm3, key exchange group curveSM2, and post-quantum group curveSM2MLKEM768.
• cSHAKE function support as per SP 800-185.
• “ML-DSA-MU” digest algorithm support.
• Support for SNMP KDF and SRTP KDF.
• Support for negotiated FFDHE key exchange in TLS 1.2 in accordance with RFC 7919.

Potentially Significant or Incompatible Changes:

• Removed extra leading '00:' when printing key data such as an RSA modulus in hexadecimal format where the first (most significant) byte is >= 0x80.
• Standardized the width of hexadecimal dumps to 24 bytes for signatures (to stay within the 80 characters limit) and 16 bytes for everything else.
• Added AKID verification checks when X509_V_FLAG_X509_STRICT is set.
• Augmented CRL verification process with several additional checks.
• OPENSSL_cleanup now runs in YuOpenSSL finalization section.
• Signatures of numerous API functions, including those that are related to X509 processing, are changed to include const qualifiers for argument and return types, where suitable.
• Deprecated X509_cmp_time, X509_cmp_current_time, and X509_cmp_timeframe in favor of X509_check_certificate_times.
• Removed support for the SSLv2 Client Hello.
• Removed support for SSLv3. SSLv3 has been deprecated since 2015, and OpenSSL had it disabled by default since version 1.1.0 (2016).
• Removed support for engines.
• Removed deprecated elliptic curves in TLS according to RFC 8422.
• Remove explicit EC curves.
• Removed BIO_f_reliable() implementation without replacement. It was broken since 3.0 release without any complaints.
• Removed deprecated support for custom EVP_CIPHER_, EVP_MD, EVP_PKEY, and [EVP_PKEY_ASN1]] methods.
• Removed deprecated fixed SSL/TLS version method functions.
• Removed deprecated functions ERR_get_state(), ERR_remove_state() and ERR_remove_thread_state().