But you did not also upgrade Postfix, which was built with OpenSSL 3.0.0.
Installed Packages
Name : postfix
Epoch : 2
Version : 3.5.25
Release : 1.el9
Architecture : x86_64
Size : 4.4 M
Source : postfix-3.5.25-1.el9.src.rpm
Repository : @System
From repo : ol9_appstream
Summary : Postfix Mail Transport Agent
URL : http://www.postfix.org
License : (IBM and GPLv2+) or (EPL-2.0 and GPLv2+)
Description : Postfix is a Mail Transport Agent (MTA).
This is the latest package my OS (RHEL9/OL9) is offering. I just tried
checking if ghettoforge.org might have a RHEL repo with a newer version but
it isn't loading for me right now.
So Postfix issues a warning that the new OpenSSL libraries are not what it
was built with.
More recent Postfix releases will accept the same OpenSSL "major number" (if
3 or higher),
provided the "minor.micro" number did not move backward.
[root@host /]# ldd /usr/libexec/postfix/smtpd
...
libssl.so.3 => /lib64/libssl.so.3 (0x00007f134bfca000)
libcrypto.so.3 => /lib64/libcrypto.so.3 (0x00007f134bab1000)
libcrypt.so.2 => /lib64/libcrypt.so.2 (0x00007f134b6c9000)
libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f134b57e000)
[root@host /]# ldd /usr/libexec/postfix/smtp
...
libcrypto.so.3 => /lib64/libcrypto.so.3 (0x00007fe4555fe000)
libssl.so.3 => /lib64/libssl.so.3 (0x00007fe455310000)
libcrypt.so.2 => /lib64/libcrypt.so.2 (0x00007fe454f28000)
libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007fe454ddd000)
This is what the packages were built with. Is this right/wrong? Do I have
options that don't involve building from source? Do I need to wait until the
package maintainers build against a newer SSL?
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
