Optional update for postfix-openssl1
SUSE Optional Update: Optional update for postfix-openssl1
This update provides an optional Postfix Mail Server
package built against OpenSSL 1.0 that allows the use of
TLS 1.2 for both sending and receiving e-mails.
The set of RPMs is named "postfix-openssl1" (and
sub-packages).
The package is in the same source level as the regular
"postfix" from SUSE Linux Enterprise and consequently uses
and supports the same configuration parameters.
Postfix-openssl1 requires the usage of OpenSSL1.0-enabled
versions of openldap2 and cyrus-sasl libraries.
If other libraries are used by your Postfix installation
that indirectly require OpenSSL 0.9.x, this setup might
not always work. It is strongly recommended to do
integration tests before deploying the packages in a
production environment.
To switch from Postfix with OpenSSL 0.9.x to OpenSSL 1.0:
* Backup the Postfix configuration files.
* Run: "zypper in postfix-openssl1" o Zypper will
report conflicts with postfix (and potentially with
-mysql, -postgresql and -doc sub-packages). o
As conflict resolution chose to migrate to postfix-openssl1
flavoured packages and uninstall the old postfix.
* Restore the configuration files (they have also been
saved as .rpmsave files).
* Start postfix and verify that all features work.
| Announcement ID: | SUSE-OU-2014:0566-1 |
| Rating: | low |
| References: | #864912 #874744 #874746 |
| Affected Products: |
An update that has three optional fixes can now be installed.
Description:
This update provides an optional Postfix Mail Server
package built against OpenSSL 1.0 that allows the use of
TLS 1.2 for both sending and receiving e-mails.
The set of RPMs is named "postfix-openssl1" (and
sub-packages).
The package is in the same source level as the regular
"postfix" from SUSE Linux Enterprise and consequently uses
and supports the same configuration parameters.
Postfix-openssl1 requires the usage of OpenSSL1.0-enabled
versions of openldap2 and cyrus-sasl libraries.
If other libraries are used by your Postfix installation
that indirectly require OpenSSL 0.9.x, this setup might
not always work. It is strongly recommended to do
integration tests before deploying the packages in a
production environment.
To switch from Postfix with OpenSSL 0.9.x to OpenSSL 1.0:
* Backup the Postfix configuration files.
* Run: "zypper in postfix-openssl1" o Zypper will
report conflicts with postfix (and potentially with
-mysql, -postgresql and -doc sub-packages). o
As conflict resolution chose to migrate to postfix-openssl1
flavoured packages and uninstall the old postfix.
* Restore the configuration files (they have also been
saved as .rpmsave files).
* Start postfix and verify that all features work.
Indications:
Update for an optional TLS 1.2 enabled Postfix.
Patch Instructions:
To install this SUSE Optional Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Security Module 11 SP3:
zypper in -t patch secsp3-postfix-openssl1-9158
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Security Module 11 SP3 (i586 ia64 ppc64 s390x x86_64):
- postfix-openssl1-2.9.4-0.19.1
- postfix-openssl1-devel-2.9.4-0.19.1
- postfix-openssl1-doc-2.9.4-0.19.1
- postfix-openssl1-mysql-2.9.4-0.19.1
- postfix-openssl1-postgresql-2.9.4-0.19.1
References:
- https://bugzilla.novell.com/864912
- https://bugzilla.novell.com/874744
- https://bugzilla.novell.com/874746
- http://download.suse.com/patch/finder/?keywords=fdae3d486e2bc75924b4571b08a72780