diff -ru sendmail-8.14.7/sendmail/readcf.c sendmail-8.14.7-new/sendmail/readcf.c
--- sendmail-8.14.7/sendmail/readcf.c 2013-03-15 17:54:12.000000000 +0000
+++ sendmail-8.14.7-new/sendmail/readcf.c 2013-06-24 14:26:01.000000000 +0100
@@ -2303,13 +2303,16 @@
 long sslopt_bits; /* bits to set/clear */
 } SSL_Option[] =
 {
-/* these are turned on by default */
+/* Bugs (and some others) are turned on by default */
 #ifdef SSL_OP_MICROSOFT_SESS_ID_BUG
 { "SSL_OP_MICROSOFT_SESS_ID_BUG", SSL_OP_MICROSOFT_SESS_ID_BUG },
 #endif
 #ifdef SSL_OP_NETSCAPE_CHALLENGE_BUG
 { "SSL_OP_NETSCAPE_CHALLENGE_BUG", SSL_OP_NETSCAPE_CHALLENGE_BUG },
 #endif
+#ifdef SSL_OP_LEGACY_SERVER_CONNECT
+ { "SSL_OP_LEGACY_SERVER_CONNECT", SSL_OP_LEGACY_SERVER_CONNECT },
+#endif
 #ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
 { "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG },
 #endif
@@ -2346,9 +2349,18 @@
 #ifdef SSL_OP_NO_TICKET
 { "SSL_OP_NO_TICKET", SSL_OP_NO_TICKET },
 #endif
+#ifdef SSL_OP_CISCO_ANYCONNECT
+ { "SSL_OP_CISCO_ANYCONNECT", SSL_OP_CISCO_ANYCONNECT },
+#endif
 #ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
 { "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION },
 #endif
+#ifdef SSL_OP_NO_COMPRESSION
+ { "SSL_OP_NO_COMPRESSION", SSL_OP_NO_COMPRESSION },
+#endif
+#ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
+ { "SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION },
+#endif
 #ifdef SSL_OP_SINGLE_ECDH_USE
 { "SSL_OP_SINGLE_ECDH_USE", SSL_OP_SINGLE_ECDH_USE },
 #endif
@@ -2373,6 +2385,12 @@
 #ifdef SSL_OP_NO_TLSv1
 { "SSL_OP_NO_TLSv1", SSL_OP_NO_TLSv1 },
 #endif
+#ifdef SSL_OP_NO_TLSv1_2
+ { "SSL_OP_NO_TLSv1_2", SSL_OP_NO_TLSv1_2 },
+#endif
+#ifdef SSL_OP_NO_TLSv1_1
+ { "SSL_OP_NO_TLSv1_1", SSL_OP_NO_TLSv1_1 },
+#endif
 #ifdef SSL_OP_PKCS1_CHECK_1
 { "SSL_OP_PKCS1_CHECK_1", SSL_OP_PKCS1_CHECK_1 },
 #endif
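Review bot: In the first hunk, the new `SSL_OP_LEGACY_SERVER_CONNECT` entry has no comment saying that it relaxes a protection rather than working around a peer bug; the same holds for `SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` in the second hunk. Both options let OpenSSL talk to peers that lack RFC 5746 secure renegotiation, so an administrator who sets them by name should be able to see that in the table. I would add above each entry a comment such as `/* weakens TLS: permits peers without RFC 5746 secure renegotiation */`. The section comment would also read better as `/* bug workarounds and other options that OpenSSL may enable by default */`, since which options are on by default depends on the linked OpenSSL version. The array definition starts before this hunk and ends in the last one.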
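Review bot: `SSL_OP_CISCO_ANYCONNECT`, added in the second hunk, is as far as I know a DTLS-only compatibility switch, so it probably has no effect on the TLS-over-TCP sessions sendmail sets up for STARTTLS. If it is kept for completeness, a comment such as `/* DTLS only; not expected to affect STARTTLS sessions */` above the entry would stop readers from assuming it changes anything here. The code that applies these bits is outside the hunk, so this should be confirmed against the caller.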
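Review bot: In the third hunk the `SSL_OP_NO_TLSv1_2` block is inserted before `SSL_OP_NO_TLSv1_1`, which breaks the ascending protocol order started by `SSL_OP_NO_TLSv1`. Swapping the two blocks so the table reads `SSL_OP_NO_TLSv1`, `SSL_OP_NO_TLSv1_1`, `SSL_OP_NO_TLSv1_2` makes it easier to check that no version switch is missing. The lookup code is outside the hunk, so I am assuming entry order has no functional meaning.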
@@ -2385,6 +2403,9 @@
 #ifdef SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
 { "SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG },
 #endif
+#ifdef SSL_OP_CRYPTOPRO_TLSEXT_BUG
+ { "SSL_OP_CRYPTOPRO_TLSEXT_BUG", SSL_OP_CRYPTOPRO_TLSEXT_BUG },
+#endif
 { NULL, 0 }
 };
 #endif /* STARTTLS && _FFR_TLS_1 */