On 28.07.2014 at 14:03, Patrick Ben Koetter wrote:
> * Patrick Ben Koetter <postfix-users@postfix.org>:
>> * Wietse Venema <wie...@porcupine.org>:
>>> Patrick Ben Koetter:
>>>> Greetings,
>>>>
>>>> I am experiencing troubles enabling outbound DANE on a RHEL 6.5 system:
>>>>
>>>> warning: sys4.de: dane configured, but no requisite library support
>>>>
>>>> <http://postfix.1071664.n5.nabble.com/Client-side-DANE-minimum-openssl-version-td67768.html>
>>>> suggests, the underlying openssl library is too old. Viktor writes at least
>>>> openssl 1.0.0 would be required.
>>>>
>>>> The machine in question runs OpenSSL 1.0.1e-fips. This is where I got
>>>> stuck.
>>>
>>> Why the hell are you using FIPS?
>>
>> Because I like pain? Probably because the packet manager pulled it from some
>> repo. I'll have a look.
>
> The FIPS version has been pulled from Red Hat's own repositories:
>
> Name        : openssl
> Arch        : x86_64
> Version     : 1.0.1e
> Release     : 16.el6_5.14
> Size        : 4.0 M
> Repo        : installed
> From repo   : rhel-6-server-rpms
> Summary     : A general purpose cryptography library with TLS implementation
> URL         : http://www.openssl.org/
> License     : OpenSSL
> Description : The OpenSSL toolkit provides support for secure communications between
>             : machines. OpenSSL includes a certificate management tool and shared
>             : libraries which provide various cryptographic algorithms and
>             : protocols

just don't call that "OpenSSL 1.0.1e-fips" which implies you are running in FIPS mode or using a special package - that's where the confusion came from

that's the ordinary openssl package

[root@openvas:~]$ rpm -qa | grep openssl
openssl-1.0.1e-16.el6_5.14.x86_64