DevHeads.net

openssl 1.0.2 and TLS 1.3]

----- Forwarded message from Matt Caswell < ... at openssl dot org> -----

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
Thunderbird/52.9.1

On 11/09/18 14:58, The Doctor wrote:
Yes. I would encourage *all* applications still on the 1.0.x API to move
to 1.1.1 asap. By the end of next year there will be no supported
OpenSSL version that has the old API.

Matt

Comments

Re: openssl 1.0.2 and TLS

By Viktor Dukhovni at 09/11/2018 - 10:20

All supported Postfix releases (3.0, 3.1, 3.2, 3.3 and the 3.4 snapshots)
work with OpenSSL 1.1.x at their most recent patch levels. This was done
some time back.

Some new features in OpenSSL 1.1.1 could use new controls on the
Postfix side (though this is not essential), I'll try to get those
added this year.

Re: openssl 1.0.2 and TLS

By Viktor Dukhovni at 09/11/2018 - 16:25

Small correction, not all the "bitrot" patches for 3.0 got merged, so
Postfix support for OpenSSL >= 1.1.x starts with Postfix 3.1.