What were you trying to do that didn't work?
Updated a RHEL 9.6 system to RHEL 9.7; afterwards, all outbound mail through Postfix involving TLS fails with a compatibility error:
Nov 12 11:16:02 f1-obfuscated_hostname.mydomain.com postfix/smtp[68953]: warning: run-time library vs. compile-time header version mismatch: OpenSSL 3.5.0 may not be compatible with OpenSSL 3.2.0
This results in an SSL_connect error and prevents outbound mail.
What is the impact of this issue to you?
Customer reports complete and total mail server outage, as all outbound mail flows through a relay requiring TLS. Restored from pre-upgrade backup to resolve for now.
Please provide the package NVR for which the bug is seen:
unknown
How reproducible is this bug?:
100% of internal testing attempts result in this behavior.
Steps to reproduce
- Stand up a RHEL 9.0-9.6 system. Install Postfix postfix-3.5.25-1.el9 and start the resulting service.
- Update the system to RHEL 9.7, or update OpenSSL and OpenSSL libs to 3.5.1-3.el9.
- After the update, and any necessary reboot if updating the entire system, attempt to send a message to a mail server that requires TLS (I used tminor@redhat.com in internal testing). Postfix will fail to send, with the reported error displayed in /var/log/maillog, or custom equivalent:
Nov 12 16:17:46 tmlab-rhel9 postfix/smtp[4598]: warning: run-time library vs. compile-time header version mismatch: OpenSSL 3.5.0 may not be compatible with OpenSSL 3.2.0
Expected results
Successful delivery of test message.
Actual results
Failure as described above.
Conceptually, this appears to be the inverse of a similar problem that occurred with the release of RHEL 9.5, where the new release of Postfix (3.5.25-1.el9) was not compatible with the previous release of OpenSSL, described here:
https://access.redhat.com/solutions/7100609
Looks like a new release of Postfix, compiled against OpenSSL 3.5, is needed here.
- is caused by
  - RHEL-130985 Setting first TLS group to an unsupported one yields an empty key share [rhel-9.8] (Planning)
- is related to
  - RHEL-130984 Setting first TLS group to an unsupported one yields an empty key share [rhel-10.2] (Planning)
  - RHEL-130992 Setting first TLS group to an unsupported one yields an empty key share [rhel-10.1.z] (Planning)
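A log triage sketch for the warning quoted in this report, added here as an example; it is not part of the original report or of any Red Hat or Postfix tooling. It scans maillog lines for the version-mismatch warning and counts SSL_connect errors logged by the same process afterwards; the function name `scan` is hypothetical, and the SSL_connect and qmgr sample lines are constructed.

```python
import re

# Syslog prefix as shown in the report: "Nov 12 16:17:46 host postfix/smtp[4598]: msg"
PREFIX = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) "
    r"postfix\S*/(?P<daemon>[^\[\s]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# Warning text quoted in the report; group 1 = run-time, group 2 = compile-time version.
MISMATCH = re.compile(
    r"run-time library vs\. compile-time header version mismatch: "
    r"OpenSSL (\d+(?:\.\d+)+)\S* may not be compatible with OpenSSL (\d+(?:\.\d+)+)"
)

def scan(lines):
    """Return {(host, daemon): {runtime, built, warnings, tls_failures}}."""
    report = {}
    warned = {}  # (host, pid) -> report key, for processes that logged the warning
    for line in lines:
        m = PREFIX.match(line.strip())
        if not m:
            continue
        proc = (m["host"], m["pid"])
        hit = MISMATCH.search(m["msg"])
        if hit:
            key = (m["host"], m["daemon"])
            entry = report.setdefault(key, {"runtime": hit[1], "built": hit[2],
                                            "warnings": 0, "tls_failures": 0})
            entry["warnings"] += 1
            warned[proc] = key
        elif "SSL_connect error" in m["msg"] and proc in warned:
            # Handshake failure from a process that already reported the mismatch.
            report[warned[proc]]["tls_failures"] += 1
    return report

# First two lines are the ones quoted in the report; the last two are constructed.
SAMPLE_LOG = [
    "Nov 12 11:16:02 f1-obfuscated_hostname.mydomain.com postfix/smtp[68953]: warning: run-time library vs. compile-time header version mismatch: OpenSSL 3.5.0 may not be compatible with OpenSSL 3.2.0",
    "Nov 12 16:17:46 tmlab-rhel9 postfix/smtp[4598]: warning: run-time library vs. compile-time header version mismatch: OpenSSL 3.5.0 may not be compatible with OpenSSL 3.2.0",
    "Nov 12 16:17:46 tmlab-rhel9 postfix/smtp[4598]: SSL_connect error to relay.example.com[192.0.2.10]:25: -1",
    "Nov 12 16:18:01 tmlab-rhel9 postfix/qmgr[1201]: 4F2A1C0: removed",
]

if __name__ == "__main__":
    for (host, daemon), info in scan(SAMPLE_LOG).items():
        print(host, daemon, info)
```
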