A significant change to sendmail in version 8.15 is the inclusion of ClientSSLOptions, the SSL related options for the client side, and ServerSSLOptions, the SSL related options for the server side. This feature enables sendmail to narrow the SSL options used, whether acting as a client or a server. The feature is also useful in restricting older versions of SSL, resulting in increased security.
You can configure ServerSSLOptions in the system's .mc file. For example, to the .mc file, add the following line:
define(`confSERVER_SSL_OPTIONS', `SSL_OP_NO_SSLv2,SSL_OP_NO_SSLv3')dnl
This configuration results in the following output in the /etc/mail/sendmail.cf file.
O ServerSSLOptions=SSL_OP_NO_SSLv2,SSL_OP_NO_SSLv3
For more information, see the sendmail(8) man page. You can also see the NOTES section of SSL_CTX_set_options(3openssl) man page.