diff --git a/CHANGES b/CHANGES
index d21dc9953e44c73d2662ff55a9543420a96d06a2..22b5a37702b9992b9f374766283cb9a188ee8118 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,39 @@
+2013.57 - 
+
+- Improved initial connection time particularly with high latency connections.
+  The number of round trips has been reduced for both client and server. 
+  CPU time hasn't been changed.
+
+- Client will attempt to send an initial key exchange packet to save a round
+  trip. Dropbear implements an extension kexguess2@matt.ucc.asn.au to allow
+  the first packet guess to succeed in wider circumstances than the standard
+  behaviour. When communicating with other implementations the standard
+  behaviour is used.
+
+- Client side: when public key or password authentication with
+  $DROPBEAR_PASSWORD is used, an initial authentication request will
+  be sent immediately rather than querying the list of available methods.
+  This behaviour is enabled by CLI_IMMEDIATE_AUTH option (on by default),
+  please let the Dropbear author know if it causes any interoperability
+  problems.
+
+- Implement client escape characters ~. (terminate session) and 
+  ~^Z (background session)
+
+- Server will more reliably clean up utmp when connection is closed
+
+- Don't crash if /dev/urandom isn't writable (RHEL5), thanks to Scott Case
+
+- Add "-y -y" client option to skip host key checking, thanks to Hans Harder
+
+- scp didn't work properly on systems using vfork(), thanks to Frank Van Uffelen
+
+- Added IUTF8 terminal mode support. Not yet standardised though seems that it
+  will soon be
+
+- Some verbose DROPBEAR_TRACE output is now hidden unless $DROPBEAR_TRACE2
+  enviroment variable is set 
+
 2013.56 - Thursday 21 March 2013
 
 - Allow specifying cipher (-c) and MAC (-m) lists for dbclient
diff --git a/cli-kex.c b/cli-kex.c
index 385910922b7a3715267c022723283fdd2f2b915a..e4d41cba721e83d21f8ca00ff7040f24cba37f83 100644
--- a/cli-kex.c
+++ b/cli-kex.c
@@ -61,8 +61,8 @@ void send_msg_kexdh_init() {
 	buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_INIT);
 	buf_putmpint(ses.writepayload, cli_ses.dh_e);
 	encrypt_packet();
-	// XXX fixme
-	//ses.requirenext = SSH_MSG_KEXDH_REPLY;
+	ses.requirenext[0] = SSH_MSG_KEXDH_REPLY;
+	ses.requirenext[1] = SSH_MSG_KEXINIT;
 }
 
 /* Handle a diffie-hellman key exchange reply. */
@@ -118,7 +118,8 @@ void recv_msg_kexdh_reply() {
 	hostkey = NULL;
 
 	send_msg_newkeys();
-	ses.requirenext = SSH_MSG_NEWKEYS;
+	ses.requirenext[0] = SSH_MSG_NEWKEYS;
+	ses.requirenext[1] = 0;
 	TRACE(("leave recv_msg_kexdh_init"))
 }
 
diff --git a/common-kex.c b/common-kex.c
index 530de0bfd4e61a315bcd32087cdfcf1e1f90edd2..ba06e4f7e7de9cf28ffad90efb88466f09c3f7c8 100644
--- a/common-kex.c
+++ b/common-kex.c
@@ -542,7 +542,7 @@ void recv_msg_kexinit() {
 	    buf_putstring(ses.kexhashbuf,
 			ses.transkexinit->data, ses.transkexinit->len);
 
-		ses.requirenext = SSH_MSG_KEXDH_INIT;
+		ses.requirenext[0] = SSH_MSG_KEXDH_INIT;
 	}
 
 	buf_free(ses.transkexinit);
diff --git a/common-session.c b/common-session.c
index 6b357bf0d7f1b9db25bde83b796a7900cf848c74..9df0f3dfcb110ce03bd9c669b06cd14ec74ccb42 100644
--- a/common-session.c
+++ b/common-session.c
@@ -82,7 +82,7 @@ void common_session_init(int sock_in, int sock_out) {
 
 	initqueue(&ses.writequeue);
 
-	ses.requirenext = SSH_MSG_KEXINIT;
+	ses.requirenext[0] = SSH_MSG_KEXINIT;
 	ses.dataallowed = 1; /* we can send data until we actually 
 							send the SSH_MSG_KEXINIT */
 	ses.ignorenext = 0;
diff --git a/debug.h b/debug.h
index be098657002b567b6e5b9223aaff42eaafd6ab4c..289c5773c8e88339b2aa9477602f6528a2f64f4f 100644
--- a/debug.h
+++ b/debug.h
@@ -39,7 +39,7 @@
  * Caution: Don't use this in an unfriendly environment (ie unfirewalled),
  * since the printing may not sanitise strings etc. This will add a reasonable
  * amount to your executable size. */
-#define DEBUG_TRACE
+/* #define DEBUG_TRACE */
 
 /* All functions writing to the cleartext payload buffer call
  * CHECKCLEARTOWRITE() before writing. This is only really useful if you're
diff --git a/process-packet.c b/process-packet.c
index 128eb72bbf63a325a716c1a16a6d2a79a708ea35..3ac0c1b18fe72e5d7a2f6e89a496e0b0e045d20e 100644
--- a/process-packet.c
+++ b/process-packet.c
@@ -74,14 +74,15 @@ void process_packet() {
 
 	/* This applies for KEX, where the spec says the next packet MUST be
 	 * NEWKEYS */
-	if (ses.requirenext != 0) {
-		if (ses.requirenext != type) {
-			/* TODO send disconnect? */
+	if (ses.requirenext[0] != 0) {
+		if (ses.requirenext[0] != type
+				&& (ses.requirenext[1] == 0 || ses.requirenext[1] != type)) {
 			dropbear_exit("Unexpected packet type %d, expected %d", type,
 					ses.requirenext);
 		} else {
 			/* Got what we expected */
-			ses.requirenext = 0;
+			ses.requirenext[0] = 0;
+			ses.requirenext[1] = 0;
 		}
 	}
 
diff --git a/session.h b/session.h
index 4ba8ac8a01b0c031482f275714663fa39fbbfd41..28cb5a9e2832503e452f2b9a6dfeaaeaae23ce65 100644
--- a/session.h
+++ b/session.h
@@ -135,8 +135,9 @@ struct sshsession {
 	unsigned dataallowed : 1; /* whether we can send data packets or we are in
 								 the middle of a KEX or something */
 
-	unsigned char requirenext; /* byte indicating what packet we require next, 
-								or 0x00 for any */
+	unsigned char requirenext[2]; /* bytes indicating what packets we require next, 
+									 or 0x00 for any. Second option can only be
+									 used if the first byte is also set */
 
 	unsigned char ignorenext; /* whether to ignore the next packet,
 								 used for kex_follows stuff */
diff --git a/svr-kex.c b/svr-kex.c
index abd7986f0cce161489c24981b086e5dfe1421603..e56f0827cce16a5628fe56d986c6b5ad4c762712 100644
--- a/svr-kex.c
+++ b/svr-kex.c
@@ -61,7 +61,8 @@ void recv_msg_kexdh_init() {
 	mp_clear(&dh_e);
 
 	send_msg_newkeys();
-	ses.requirenext = SSH_MSG_NEWKEYS;
+	ses.requirenext[0] = SSH_MSG_NEWKEYS;
+	ses.requirenext[1] = 0;
 	TRACE(("leave recv_msg_kexdh_init"))
 }