Hi, I'm trying to get client side TLSA/DANE working on a SLES11 SP3 system with openssl 0.9.8j and Postfix 2.11.1.
When the smtp client tries to connect to the destination system, the following is logged: May 8 22:23:11 mail postfix-rz-out/smtp[22203]: warning: cannot generate TA certificates, no trust-anchor or DANE support May 8 22:23:11 mail postfix-rz-out/smtp[22203]: warning: petri-markus.de: dane configured, but no requisite library support May 8 22:23:11 mail postfix-rz-out/smtp[22203]: Untrusted TLS connection established to marge.ceotex.de[2a01:4f8:140:6ffb::24]:25: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits) I suspect, that the distributed openssl library is too old, but I may be wrong. Any clues?
