Just a heads-up that the lack of OpenSSL 3.5 is blocking anyone using Rocky 9 or 10 from installing the latest PostgreSQL patches released on 13/Nov/2025, as discussed here:
This was discussed on the Rocky forums already, so I guess we’re blocked from patching PostgreSQL until Rocky 9.7 / 10.1 drops. Hopefully it’s no too far off. 
Rough estimates, sometime next week or the week after for Rocky 9.7 and 10.1 as per here: Rocky 9.7, Rocky 10.1 and EPEL
I have similar issues for example on Fedora. When I update to a new Fedora release, I have to wait for a new PGAdmin release to be made as it’s always behind by a few weeks. Here is the other way, since RHEL has released 10.1, then Postgres are already ready for it.
Basically currently, the Postgres situation is exactly the same as EPEL or any other third party repository that has already rebased to 9.7 or 10.1 dependencies and resolved when Rocky releases.
Technically, we (users) install packages, not patches. I presume that the “latest PostgreSQL patches” means packages in third-party repo that have been built for el9_7 and/or el10_1. Yes, those cannot be installed to el9_6 and el10_0 systems, respectively.
RHEL (and hence Rocky) have PostgreSQL packages in their own repositories too.
RHEL 9.7 has what it has and Rocky 9.6 has with it has. When Rocky 9.7 is released, it will have same as RHEL 9.7.
If the issues fixed by latest PostgreSQL patches are critical, then Red Hat is likely to backport them to versions of PostgreSQL that are in RHEL 9.6 and RHEL 10.0 – for the paying EUS subscribers of RHEL. Rocky will not get those “patches”.
Yeah this bit me last night. Discovered I could not do rpm updattes to my postgres community postgres packages.
Good news is this will EVENTUALLY resolve itself once Rocky updates are published (and work their way through my katello/foreman infrastructure).
Bad news is until then I just have to exclude updating any postgresql-anything on my hosts until then.
To provide some info that may hopefully benefit someone ELSE encountering this, the following is my example of what happens on a Rocky (9.6) server trying to update (OR INSTALL)) postgres-community things:
Error:
Problem 1: cannot install the best update candidate for package postgresql16-contrib-16.10-1PGDG.rhel9.x86_64
nothing provides libcrypto.so.3(OPENSSL_3.4.0)(64bit) needed by postgresql16-contrib-16.11-1PGDG.rhel9.x86_64 from pgdg16
Problem 2: problem with installed package postgresql16-contrib-16.10-1PGDG.rhel9.x86_64
package postgresql16-contrib-16.10-1PGDG.rhel9.x86_64 from
requires postgresql16(x86-64) = 16.10-1PGDG.rhel9, but none of the providers can be installed
package postgresql16-contrib-16.10-1PGDG.rhel9.x86_64 from pgdg16 requires postgresql16(x86-64) = 16.10-1PGDG.rhel9, but none of the providers can be installed
cannot install both postgresql16-16.11-1PGDG.rhel9.x86_64 from pgdg16 and postgresql16-16.10-1PGDG.rhel9.x86_64 from
cannot install both postgresql16-16.11-1PGDG.rhel9.x86_64 from pgdg16 and postgresql16-16.10-1PGDG.rhel9.x86_64 from pgdg16
cannot install the best update candidate for package postgresql16-16.10-1PGDG.rhel9.x86_64
nothing provides libcrypto.so.3(OPENSSL_3.4.0)(64bit) needed by postgresql16-contrib-16.11-1PGDG.rhel9.x86_64 from pgdg16
(try to add ‘–allowerasing’ to command line to replace conflicting packages or ‘–skip-broken’ to skip uninstallable packages or ‘–nobest’ to use not only best candidate packages)
With, for example:
dnf --disablerepo=epel,pgdg* up
That is, ad hoc exclude the problematic third-party repos in the upgrade command.
On the “bright side”, there should be no more updates for Rocky 9.6 and 10.0 because corresponding RHELs do not get any public updates now that the next point updates are released.
That is, no likely need to run ‘dnf up’ until 9.7 and 10.1 are out.
Thanks everyone. The root cause is the RPMs are built on RHEL, which released 9.7 & 10.1 just prior to the PostgreSQL release. Once we’re on similar Rocky versions then the problem will be solved, but I just wanted to call it out in case others were suffering with the same issue.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.