From efebf59b137b269ee5716aa82b6d377c22580fb5 Mon Sep 17 00:00:00 2001
From: Martin Weinelt <hexa@darmstadt.ccc.de>
Date: Fri, 13 Jun 2025 03:13:27 +0200
Subject: [PATCH] dovecot: configure preferred elliptic curves

---
 mail-server/dovecot.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/mail-server/dovecot.nix b/mail-server/dovecot.nix
index edb244c..375bfe8 100644
--- a/mail-server/dovecot.nix
+++ b/mail-server/dovecot.nix
@@ -298,9 +298,12 @@ in
         }
 
         mail_access_groups = ${vmailGroupName}
+
+        # https://ssl-config.mozilla.org/#server=dovecot&version=2.3.21&config=intermediate&openssl=3.4.1&guideline=5.7
         ssl = required
         ssl_min_protocol = TLSv1.2
         ssl_prefer_server_ciphers = no
+        ssl_curve_list = X25519:prime256v1:secp384r1
 
         service lmtp {
           unix_listener dovecot-lmtp {