What is the difference between 10 and 11?

(I tried to search for "difference between 10 and 11" and the search excluded "10" "and" "11" for being too common, too short, etc - so the "search" results were totally irrelevant.)

I have a server running FreeBSD 10.3, I'm going to upgrade to either 10.4 or 11.1. I've looked at the release notes for both, and it looks like the same changes are listed in each of them - updates appear to be being cross-posted between the two branches.

Given this landscape, what does 11 have that 10 does not? Is there a reason why I would want to change to 11, other than 10 will lose support sooner?

Where can I find a definitive list of features, etc. that are different between 10 and 11?
Not a definitive list, but I would start looking at the FreeBSD 11.0 Release Notes and the What's New wiki page. Some features may be developed in both branches in parallel, some may be backported to the 10 branch, so it is still search and compare.

I would narrow it for me to two question - Does this change break something for me? or Does this change bring in some new feature I can't live without? For me in time of 11.0 it was OpenSSL 1.0.2 in base which enable HTTP/2 and ALPN for nginx without messing with the openssl port.


Profile disabled
If you need IPsec, then you want 11.1, since the IPsec stack has been largely improved since 10.3, for example:
  • On 11.1 IPsec and NAT-T is built-in to the kernel, no need anymore for building a custom one; on 10.4 it is not.

  • UDP checksum handling in IPsec NAT-T packets has been fixed for 11.1, and finally works with Windows clients out of the box; I can't tell if these fixes were back ported to 10, though.

  • Hardware AES support has been added to IPsec.
Be warned that version 11 has also changed its support model. So instead of having a fixed date up front it's now a little bit of a guess when the next version will be released (around 6 months time intervals as a rule of thumb). So right now an 11 version will be supported no longer than 3 months after the next release. See also this page.

Personally I'd suggest setting up 11.1. There are a few notable changes, one of which being blacklistd(8) which can be very convenient.