dovecot: prefer client cipher list

All ciphers in TLSv1.2/TLSv1.3 are considered secure, so we can allow the client to choose the most performant cipher according to their hardware and software configuration. This is in line with general recommendations, e.g. by Mozilla[1]. [1] https://wiki.mozilla.org/Security/Server_Side_TLS
2025-04-23 15:54:03 +02:00 · 2025-04-23 15:54:03 +02:00 · 46fe2c25c8
commit 46fe2c25c8
parent ab52efd622
1 changed files with 1 additions and 1 deletions
--- a/mail-server/dovecot.nix
+++ b/mail-server/dovecot.nix
@ -297,7 +297,7 @@ in
        mail_access_groups = ${vmailGroupName}
        ssl = required
        ssl_min_protocol = TLSv1.2
-        ssl_prefer_server_ciphers = yes
+        ssl_prefer_server_ciphers = no

        service lmtp {
          unix_listener dovecot-lmtp {