> On Aug 15, 2018, at 8:54 AM, Bill Cole
> <postfixlists-070...@billmail.scconsult.com> wrote:
>
>> But I don't want to make the mistake of turning it on just to be current, if
>> I then make it impossible to communicate with my servers.
>
> Typically there is no need to "turn on" TLS versions in Postfix, it is only a
> matter of how your Postfix is built and what libraries you have installed for
> the build and at runtime. Given OpenSSL history, I would expect that
> switching to v1.1.1 will require a rebuild of Postfix.
OpenSSL 1.1.1 is ABI-compatible with OpenSSL 1.1.0 and the library
has the same SONAME. Therefore, if a system is upgraded to OpenSSL
1.1.1, Postfix will use 1.1.1 without a rebuild. That said, I would
not expect OS distributions to do that. They'll ship 1.1.1 with
a newer OS release, with packages built against 1.1.1.
--
Viktor.
- New to Postfix. 3 questions about security functions. robacons
- Re: New to Postfix. 3 questions about security funct... Viktor Dukhovni
- Re: New to Postfix. 3 questions about security f... Viktor Dukhovni
- Re: New to Postfix. 3 questions about security funct... Gary
- Re: New to Postfix. 3 questions about security fu... Dominic Raferd
- Re: New to Postfix. 3 questions about securit... robacons
- Re: New to Postfix. 3 questions about sec... Dominic Raferd
- Re: New to Postfix. 3 questions about sec... Viktor Dukhovni
- Re: New to Postfix. 3 questions about sec... Gary
- Re: New to Postfix. 3 questions about security funct... Bill Cole
- Re: New to Postfix. 3 questions about security f... Viktor Dukhovni
- Re: New to Postfix. 3 questions about securit... A. Schulze
- Re: New to Postfix. 3 questions about sec... Viktor Dukhovni
- Re: New to Postfix. 3 questions abou... Wietse Venema
- Re: New to Postfix. 3 questions ... Viktor Dukhovni
