> On Jun 17, 2020, at 9:34 PM, Peter <pe...@pajamian.dhs.org> wrote:
>
> I'd like to avoid this if possible. CentOS 7 has openssl 1.0.2k and doesn't
> go EOL until 2024. I'd like to be able to support new Postfix releases for
> it for at least another two or three years.
Postfix 3.5 will be supported until 3.9 comes out. The only
major changes I'd expect in 3.6, 3.7 and 3.8 that you might
want on some older platforms would in fact be support for
newer versions of OpenSSL and the like, but then you don't
need OpenSSL 1.0.2 (no longer supported upstream).
So you can keep using Centos 7 till 2024 if you wish, but the
latest supported Postfix would be 3.5, plus whatever backports
the vendor decides to do.
Continuing to support OpenSSL 1.0.2 holds back progress and has
a non-trivial complexity cost. It is time to move on. OpenSSL
3.0 will ship soon, and it gets increasingly difficult to cover
the full spectrum of features from 1.0.2 through 3.0.0.
--
Viktor.
