Urllib3-future

=================

* Require and validate certificates by default when using HTTPS (Pull 1507)

* Upgraded ``urllib3.utils.parse_url()`` to be RFC 3986 compliant. (Pull 1487)

* Added support for ``key_password`` for ``HTTPSConnectionPool`` to use
encrypted ``key_file`` without creating your own ``SSLContext`` object. (Pull 1489)

* Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport ``SSLContext``
implementations. (Pull 1496)

* Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft. (Issue 303, Pull 1492)

* Fixed issue where OpenSSL would block if an encrypted client private key was
given and no password was given. Instead an ``SSLError`` is raised. (Pull 1489)

* Added support for Brotli content encoding. It is enabled automatically if
``brotlipy`` package is installed which can be requested with
``urllib3[brotli]`` extra. (Pull 1532)

* Drop ciphers using DSS key exchange from default TLS cipher suites.
Improve default ciphers when using SecureTransport. (Pull 1496)

* Implemented a more efficient ``HTTPResponse.__iter__()`` method. (Issue 1483)

===================

* Apply fix for CVE-2019-9740. (Pull 1591)

===================

* Don't load system certificates by default when any other ``ca_certs``, ``ca_certs_dir`` or
``ssl_context`` parameters are specified.

* Remove Authorization header regardless of case when redirecting to cross-site. (Issue 1510)

* Add support for IPv6 addresses in subjectAltName section of certificates. (Issue 1269)

===================

* Remove quadratic behavior within ``GzipDecoder.decompress()`` (Issue 1467)

* Restored functionality of ``ciphers`` parameter for ``create_urllib3_context()``. (Issue 1462)

=================

* Allow key_server_hostname to be specified when initializing a PoolManager to allow custom SNI to be overridden. (Pull 1449)

* Test against Python 3.7 on AppVeyor. (Pull 1453)

* Early-out ipv6 checks when running on App Engine. (Pull 1450)

* Change ambiguous description of backoff_factor (Pull 1436)

* Add ability to handle multiple Content-Encodings (Issue 1441 and Pull 1442)

* Skip DNS names that can't be idna-decoded when using pyOpenSSL (Issue 1405).

* Add a server_hostname parameter to HTTPSConnection which allows for
overriding the SNI hostname sent in the handshake. (Pull 1397)

* Drop support for EOL Python 2.6 (Pull 1429 and Pull 1430)

* Fixed bug where responses with header Content-Type: message/* erroneously
raised HeaderParsingError, resulting in a warning being logged. (Pull 1439)

* Move urllib3 to src/urllib3 (Pull 1409)

=================

* Allow providing a list of headers to strip from requests when redirecting
to a different host. Defaults to the ``Authorization`` header. Different
headers can be set via ``Retry.remove_headers_on_redirect``. (Issue 1316)

* Fix ``util.selectors._fileobj_to_fd`` to accept ``long`` (Issue 1247).

* Dropped Python 3.3 support. (Pull 1242)

* Put the connection back in the pool when calling stream() or read_chunked() on
a chunked HEAD response. (Issue 1234)

* Fixed pyOpenSSL-specific ssl client authentication issue when clients
attempted to auth via certificate + chain (Issue 1060)

* Add the port to the connectionpool connect print (Pull 1251)

* Don't use the ``uuid`` module to create multipart data boundaries. (Pull 1380)

* ``read_chunked()`` on a closed response returns no chunks. (Issue 1088)

* Add Python 2.6 support to ``contrib.securetransport`` (Pull 1359)

* Added support for auth info in url for SOCKS proxy (Pull 1363)