+This is a pre-release
+---------------------
+
+Please note that this is NOT a stable release. Until version 1.1.0 is released,
+please use one of the 1.0.x versions if you need a stable version of tinc.
+
+Although tinc 1.1 will be protocol compatible with tinc 1.0.x, the
+functionality of the tinc program may still change, and the control socket
+protocol is not fixed yet.
+
+
+Security statement
+------------------
+
+This version uses an experimental and unfinished cryptographic protocol. Use it
+at your own risk.
+
+When connecting to nodes that use the legacy protocol used in tinc 1.0, be
+aware that any security issues in tinc 1.0 will apply to tinc 1.1 as well. On
+September 6th, 2018, Michael Yonly contacted us and provided proof-of-concept
+code that allowed a remote attacker to create an authenticated, one-way
+connection with a node using the legacy protocol, and also that there was a
+possibility for a man-in-the-middle to force UDP packets from a node to be sent
+in plaintext. The first issue was trivial to exploit on tinc versions prior to
+1.0.30, but the changes in 1.0.30 to mitigate the Sweet32 attack made this
+weakness much harder to exploit. These issues have been fixed in tinc 1.0.35
+and tinc 1.1pre17. The new protocol in the tinc 1.1 branch is not susceptible
+to these issues. However, be aware that SPTPS is only used between nodes
+running tinc 1.1pre* or later, and in a VPN with nodes running different
+versions, the security might only be as good as that of the oldest version.
+
+
+Compatibility
+-------------
+
+Version 1.1pre17 is compatible with 1.0pre8, 1.0 and later, but not with older
+versions of tinc.
+
+When the ExperimentalProtocol option is used, tinc is still compatible with
+1.0.X, 1.1pre11 and later, but not with any version between 1.1pre1 and
+1.1pre10.
+
+