Amendments + reordering

add IDN etc. -support and David's work on determine_optimal_* functions

CHANGELOG.md

@@ -19,16 +19,19 @@
 * PFS: Display of elliptical curves supported, DH and FFDHE groups (TLS 1.2 + TLS 1.3)
 * Check for session resumption (Ticket, ID)
 * TLS Robustness check (GREASE)
+* Server preference distinguishes between TLS 1.3 and lower protocols
+* Does a few startup checks which make later tests easier and faster (determine_optimal_\*() )
 * Expect-CT Header Detection
 * `--phone-out` does certificate revocation checks via OCSP (LDAP+HTTP) and with CRL
 * `--phone-out` checks whether the private key has been compromised via https://pwnedkeys.com/
 * Fully OpenBSD and LibreSSL support
 * Missing SAN warning
 * Added support for private CAs
-* Man page reviewed
-* Better error msg suppression (not fully installed OpenSSL)
 * Way better handling of connectivity problems
+* Fixed TCP fragmentation
+* Added `--ids-friendly` switch
 * Exit codes better: 0 for running without error, 1+n for small errors, >240 for major errors.
+* Better error msg suppression (not fully installed OpenSSL)
 * Dockerfile and repo @ docker hub with that file (see above)
 * Java Root CA store added
 * Better support for XMPP via STARTTLS & faster
@@ -36,10 +39,9 @@
 * Support for NNTP via STARTTLS
 * Support for SNI and STARTTLS
 * More robustness for any STARTTLS protocol (fall back to plaintext while in TLS)
-* Fixed TCP fragmentation
-* Added `--ids-friendly` switch
 * Major update of client simulations with self-collected data
-
+* IDN/IDN2 and emoji URI support (supposed libidn/idn2 is installed and DNS resolver is recent)
+* Man page reviewed
 
 ### Features implemented in 2.9.5