Recent SSL updates to the OpenSSL package have removed old DH parameters which are built into Sendmail mail server software, so the following are configuration updates to Sendmail (sendmail.cf) to enable the use of a longer DH Parameter to TLS\/SSL activity of Sendmail.<\/p>\n
First, create a longer DH Parameter file with:<\/p>\n
This should remove TLS\/SSL based email sending errors, which have maillog entries like:<\/p>\n FYI, Recent SSL updates to the OpenSSL package have removed old DH parameters which are built into Sendmail mail server software, so the following are configuration updates to Sendmail (sendmail.cf) to enable the use of a longer DH Parameter to TLS\/SSL … Continue reading openssl dhparam -out \/etc\/pki\/tls\/certs\/dhparams.pem 1024
\n<\/code>
\nThen configure the use of this dhparams.pem file into sendmail.cf with the following added to the ‘Options’ section of your sendmail.cf file:<\/p>\nO DHParameters=\/etc\/pki\/tls\/certs\/dhparams.pem
\n<\/code>
\nAnd then restart sendmail after making that sendmail.cf update.<\/p>\nSTARTTLS=server: 1867:error:14094417:SSL routines:SSL3_READ_BYTES:sslv3 alert illegal parameter:s3_pkt.c:1092:SSL alert number 47
\n<\/code><\/p>\n
\nRichard.<\/p>\n","protected":false},"excerpt":{"rendered":"