TLS/SSL config updates to Sendmail for recent OpenSSL versions

Recent SSL updates to the OpenSSL package have removed old DH parameters which are built into Sendmail mail server software, so the following are configuration updates to Sendmail ( to enable the use of a longer DH Parameter to TLS/SSL activity of Sendmail.

First, create a longer DH Parameter file with:

openssl dhparam -out /etc/pki/tls/certs/dhparams.pem 1024

Then configure the use of this dhparams.pem file into with the following added to the ‘Options’ section of your file:

O DHParameters=/etc/pki/tls/certs/dhparams.pem

And then restart sendmail after making that update.

This should remove TLS/SSL based email sending errors, which have maillog entries like:

STARTTLS=server: 1867:error:14094417:SSL routines:SSL3_READ_BYTES:sslv3 alert illegal parameter:s3_pkt.c:1092:SSL alert number 47


This entry was posted in Network Presence and tagged , , , . Bookmark the permalink.