Urllib3

=================

* Fixed ``pip install urllib3[secure]`` on modern pip. (Issue 706)

* pyopenssl: Fixed SSL3_WRITE_PENDING error. (Issue 717)

* pyopenssl: Support for TLSv1.1 and TLSv1.2. (Issue 696)

* Close connections more defensively on exception. (Issue 734)

* Adjusted ``read_chunked`` to handle gzipped, chunk-encoded bodies without
repeatedly flushing the decoder, to function better on Jython. (Issue 743)

* Accept ``ca_cert_dir`` for SSL-related PoolManager configuration. (Issue 758)

=================

* Rely on ``six`` for importing ``httplib`` to work around
conflicts with other Python 3 shims. (Issue 688)

* Add support for directories of certificate authorities, as supported by
OpenSSL. (Issue 701)

* New exception: ``NewConnectionError``, raised when we fail to establish
a new connection, usually ``ECONNREFUSED`` socket error.

=================

* When ``ca_certs`` is given, ``cert_reqs`` defaults to
``'CERT_REQUIRED'``. (Issue 650)

* ``pip install urllib3[secure]`` will install Certifi and
PyOpenSSL as dependencies. (Issue 678)

* Made ``HTTPHeaderDict`` usable as a ``headers`` input value
(Issues 632, 679)

* Added `urllib3.contrib.appengine <https://urllib3.readthedocs.io/en/latest/contrib.html#google-app-engine>`_
which has an ``AppEngineManager`` for using ``URLFetch`` in a
Google AppEngine environment. (Issue 664)

* Dev: Added test suite for AppEngine. (Issue 631)

* Fix performance regression when using PyOpenSSL. (Issue 626)

* Passing incorrect scheme (e.g. ``foo://``) will raise
``ValueError`` instead of ``AssertionError`` (backwards
compatible for now, but please migrate). (Issue 640)

* Fix pools not getting replenished when an error occurs during a
request using ``release_conn=False``. (Issue 644)

* Fix pool-default headers not applying for url-encoded requests
like GET. (Issue 657)

* log.warning in Python 3 when headers are skipped due to parsing
errors. (Issue 642)

* Close and discard connections if an error occurs during read.
(Issue 660)

* Fix host parsing for IPv6 proxies. (Issue 668)

* Separate warning type SubjectAltNameWarning, now issued once
per host. (Issue 671)

* Fix ``httplib.IncompleteRead`` not getting converted to
``ProtocolError`` when using ``HTTPResponse.stream()``
(Issue 674)

===================

* Migrate tests to Tornado 4. (Issue 594)

* Append default warning configuration rather than overwrite.
(Issue 603)

* Fix streaming decoding regression. (Issue 595)

* Fix chunked requests losing state across keep-alive connections.
(Issue 599)

* Fix hanging when chunked HEAD response has no body. (Issue 605)

===================

* Emit ``InsecurePlatformWarning`` when SSLContext object is missing.
(Issue 558)

* Fix regression of duplicate header keys being discarded.
(Issue 563)

* ``Response.stream()`` returns a generator for chunked responses.
(Issue 560)

* Set upper-bound timeout when waiting for a socket in PyOpenSSL.
(Issue 585)

* Work on platforms without `ssl` module for plain HTTP requests.
(Issue 587)

* Stop relying on the stdlib's default cipher list. (Issue 588)

===================

* Fix file descriptor leakage on retries. (Issue 548)

* Removed RC4 from default cipher list. (Issue 551)

* Header performance improvements. (Issue 544)

* Fix PoolManager not obeying redirect retry settings. (Issue 553)