[An on-line version of this announcement will be available at

Changes for all supported stable releases:

  * Support for OpenSSL 1.1.1, and support for TLSv1.3-specific

      - Updated Postfix TLS documentation examples for TLSv1.3. See

      - New TLSv1.3-specific attributes in Postfix logging and in
        Postfix "Received:" message headers: key exchange, server
        signature, client signature.

      - New option to selectively disable TLSv1.3 in *_tls_protocols

      - New server-side support to avoid issuing multiple session

      - New support to allow OpenSSL >= 1.1.0 run-time micro version
        bumps without logging Postfix warnings about library version

Fixed in all stable releases:

  * Bugfix: smtpd_discard_ehlo_keywords could not disable "SMTPUTF8",
    because some lookup table was using "EHLO_MASK_SMTPUTF8" instead.

  * Bugfix: minor memory leak in DANE support when minting issuer
    certs. This affects a tiny minority of use cases.

Fixed in Postfix 3.3.2:

  * Bugfix: the Postfix build did not abort if the m4 command was
    not installed, resulting in a broken postconf command.

Changes for Postfix 3.0.14:

  * Additional Postfix TLS library updates to catch up with Postfix
    3.1 and later. This was necessary to make support for OpenSSL
    1.1.1 and TLSv1.3 feasible.

You can find the updated Postfix source code at the mirrors listed
at http://www.postfix.org/.


Reply via email to