From fb8886547b569be3e6b72b526cea64c02424a5c4 Mon Sep 17 00:00:00 2001
From: Benjamin Asbach <4610679-asbachb@users.noreply.gitlab.com>
Date: Sun, 24 May 2020 19:23:53 +0200
Subject: [PATCH] Enable dovecot option to prefer server ciphers

This might prevent misconfigured clients to use a weak cipher when stronger ciphers are available.
---
 mail-server/dovecot.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/mail-server/dovecot.nix b/mail-server/dovecot.nix
index 9145af1..02d5a5d 100644
--- a/mail-server/dovecot.nix
+++ b/mail-server/dovecot.nix
@@ -130,6 +130,7 @@ in
         mail_access_groups = ${vmailGroupName}
         ssl = required
         ssl_min_protocol = TLSv1.2
+        ssl_prefer_server_ciphers = yes
 
         service lmtp {
           unix_listener dovecot-lmtp {