Recent updates to the OpenSSL package have removed the old DH parameters that are built into the Sendmail mail server software, so the following configuration updates to Sendmail (sendmail.cf) enable the use of a longer DH parameter for Sendmail's TLS/SSL activity.
First, create a longer DH Parameter file with:
openssl dhparam -out /etc/pki/tls/certs/dhparams.pem 1024
Then configure sendmail.cf to use this dhparams.pem file by adding the following to the ‘Options’ section of your sendmail.cf file:
O DHParameters=/etc/pki/tls/certs/dhparams.pem
And then restart sendmail after making that sendmail.cf update.
This should remove TLS/SSL-based email sending errors, which produce maillog entries like:
STARTTLS=server: 1867:error:14094417:SSL routines:SSL3_READ_BYTES:sslv3 alert illegal parameter:s3_pkt.c:1092:SSL alert number 47
FYI,
Richard.
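A post-change check for the steps above, added here as an example and not part of the original post: it reads the active DHParameters option from sendmail.cf, confirms the referenced PEM file is in place, and counts alert-47 STARTTLS failures in a maillog. The function names, the temporary directory and the sample sendmail.cf, PEM file and log lines are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post). All sample files are constructed.

# Print the path from an active (uncommented) "O DHParameters=" line.
# If the option is set more than once, the last occurrence is reported.
dhparam_path_from_cf() {
    sed -n 's/^O[[:space:]]\{1,\}DHParameters[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Succeed only if the file is readable and starts a PEM DH parameter block.
dhparam_file_ok() {
    [ -r "$1" ] && grep -q '^-----BEGIN DH PARAMETERS-----' "$1"
}

# Count maillog lines showing the handshake failure quoted in the post.
count_dh_alerts() {
    grep -c 'STARTTLS=.*SSL alert number 47' "$1" || true
}

# --- constructed sample input, so the script runs offline ---
demo=$(mktemp -d)
cat > "$demo/sendmail.cf" <<EOF
# stock commented-out line, followed by the setting added per the post
#O DHParameters
O DHParameters=$demo/dhparams.pem
EOF
printf '%s\n' '-----BEGIN DH PARAMETERS-----' \
    '(constructed placeholder, not real parameters)' \
    '-----END DH PARAMETERS-----' > "$demo/dhparams.pem"
cat > "$demo/maillog" <<'EOF'
Jun  1 10:00:01 mx sendmail[1867]: STARTTLS=server: 1867:error:14094417:SSL routines:SSL3_READ_BYTES:sslv3 alert illegal parameter:s3_pkt.c:1092:SSL alert number 47
Jun  1 10:05:12 mx sendmail[1901]: STARTTLS=server, relay=mail.example.org [192.0.2.10], version=TLSv1.2, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
EOF

path=$(dhparam_path_from_cf "$demo/sendmail.cf")
if dhparam_file_ok "$path"; then
    echo "DHParameters file OK: $path"
else
    echo "DHParameters not set, missing or not a PEM DH file: ${path:-<unset>}"
fi
echo "alert-47 STARTTLS failures in log: $(count_dh_alerts "$demo/maillog")"
```

On a real host, point the functions at your own sendmail.cf and maillog; a non-zero count on entries logged after the restart means the change has not taken effect.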