Prefer stronger algorithms in algorithm negotiation. Prefer diffie-hellman-group14-sha1 (2048 bit) over diffie-hellman-group1-sha1 (1024 bit). Due to meet-in-the-middle attacks the effective key length of three key 3DES is 112 bits. AES is stronger and faster then 3DES. Prefer to delay the start of compression until after authentication has completed. This avoids exposing compression code to attacks from unauthenticated users. (github pull request #9)

stopped at ch12
-- needs examples for ecc/dsa!!! (and for asn.1)

must have for v1.16
- document PK build flags
- document makefile flags [INSTALL_* for instance]
- prepare manual for printing (both soft and hard cover)

Nice to have [in order of precedence]
- add X9.63 IES
- add CPP macros like OpenSSL has for ASN1 (e.g. encode/decode functions, etc) shameless ripoff :-)