On Fri, 10 Jul 2015, R P Herrold wrote:
We reached the following addition of a DH parameters file
solution, which also solved the authentication issue for
certain Apple email clients on IOS 8.4 (an update within the
last month)
sendmail.mc fragment
define(`CERT_DIR', `/etc/pki/tls')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
dnl https://www.sendmail.com/sm/open_source/docs/m4/tweaking_config.html dnl
dnl http://weldon.whipple.org/sendmail/wwstarttls.html#DHParams dnl
dnl http://lists.freebsd.org/pipermail/freebsd-questions/2015-June/266456.htm
dnl > 3. If a setting for confDH_PARAMETERS exists and is set to dnl
dnl > a file path, create a new file with: dnl
dnl > openssl dhparam -out /path/to/file 2048 dnl
dnl > for 2048-bit dnl
dnl *** USED *** dnl
dnl so: openssl dhparam -out /etc/pki/tls/certs/DH-options.pem 2048 dnl
dnl dnl
define(`confDH_PARAMETERS', `CERT_DIR/certs/DH-options.pem')dnl
-- Russ herrold