On 2020-07-06, Rupert Gallagher ruga@protonmail.com wrote:
Both Dovecot and OpenDKIM packages on OpenBSD are rejecting connections because of CRYPTO, and they use libressl by default.
That's best reported with information (at least version numbers of software involved, relevant logs, and info about which server is having problems) to the package maintainer and/or libressl developers.
I use openssl because libressl does not implement dane, so I am recompiling both to serve my use case, and sharing results along the way.
It is difficult to correctly build against openssl on a system where the OS and all other packages use libressl. If you mix the two (i.e. headers from libressl and library from openssl or vice-versa, or linking against libraries that pull in "the other" library than you're using - the obvious example in the case of Dovecot would be ldap/mariadb/pgsql libraries) then you can expect it to fail, possibly in exciting ways.