OpenSSL 4.0 does away with a lot of old code for this widely used library. On the new feature side, OpenSSL 4.0 is adding support for TLS Encrypted Client Hello (a.k.a. RFC 9849). Encrypted Client Hello is a security feature for TLS that allows encrypting the initial handshake's Client Hello message to hide the Server Name Indication so that destination hostnames are not leaked. ECH is a replacement for Encrypted Server Name Indication (ESNI).
