The latest Postfix releases are now available in my yum repos and include the following fixes.
Changes for all supported stable releases:
Support for OpenSSL 1.1.1, and support for TLSv1.3-specific
Updated Postfix TLS documentation examples for TLSv1.3.
New TLSv1.3-specific attributes in Postfix logging and in
Postfix "Received:" message headers: key exchange, server signature,
New option to selectively disable TLSv1.3 in *_tls_protocols
New server-side support to avoid issuing multiple session
New support to allow OpenSSL >= 1.1.0 run-time micro version
bumps without logging Postfix warnings about library version
Fixed in all stable releases:
Bugfix: smtpd_discard_ehlo_keywords could not disable
"SMTPUTF8", because some lookup table was using "EHLO_MASK_SMTPUTF8"
Bugfix: minor memory leak in DANE support when minting
issuer certs. This affects a tiny minority of use cases.
Changes for Postfix 3.0.14:
Additional Postfix TLS library updates to catch up with
Postfix 3.1 and later. This was necessary to make support for
OpenSSL 1.1.1 and TLSv1.3 feasible.