Changes:
- [+] #679 remove TRA_HS_CERTIFICATE_VERIFY_FAIL (0x1FE) from reserved CRYPTO_ERROR range @dreamwind1985
- [+] #678 fix off-by-one in stateless reset minimum packet length check @dreamwind1985
- [+] fix crypto frame flood vulnerability (CWE-770): limit buffered out-of-order CRYPTO frame count and bytes per crypto stream, reject excessive sparse fragments @dreamwind1985
- [+] #561 reject zero-length CID in NEW_CONNECTION_ID parsing @dreamwind1985
- [~] fix buffer overflow: xqc_vsprintf memory out of bounds, '�' not correctly assigned when buffer is full @dreamwind1985
- [~] fix QPACK DDoS: add max_blocked_buf_per_stream and max_blocked_buf_per_conn to limit blocked data caching @dreamwind1985
- [~] fix SSL_use_certificate/SSL_set1_chain ordering, NULL deref in forbidden header check, anti-amplification default limit to 3 @dreamwind1985
- [~] #709 send no_application_protocol on ALPN failure per RFC 9001 8.1 @Yanmei-Liu
- [=] clarify AES-CTR HP mask equivalence to RFC 9001 AES-ECB (#696) @Yanmei-Liu
- [=] document supported TLS 1.3 cipher suites @Yanmei-Liu
Compatibility Notes:
- Peers sending excessive out-of-order CRYPTO frames will now trigger connection error (CWE-770 fix) - previously such frames were buffered indefinitely.
- QPACK blocked stream/conn limits are now enforced - applications using very large header blocks may see H3_DATA_EXCEED_LIMIT errors.
- NEW_CONNECTION_ID frames with zero-length CID are now rejected per RFC 9000 - previously they were silently accepted.
- ALPN negotiation failure now sends no_application_protocol alert per RFC 9001 8.1 - previously the connection was silently closed.
- TRA_HS_CERTIFICATE_VERIFY_FAIL (0x1FE) is no longer mapped to a reserved CRYPTO_ERROR code - custom error handlers relying on this specific code mapping may need updating.