diff --git a/mail-server/dovecot.nix b/mail-server/dovecot.nix
index 9d401cc..13f68bb 100644
--- a/mail-server/dovecot.nix
+++ b/mail-server/dovecot.nix
@@ -368,6 +368,18 @@ in
 ssl = required
 ssl_min_protocol = TLSv1.2
 ssl_prefer_server_ciphers = no
+ ssl_cipher_list = ${
+ lib.concatStringsSep ":" [
+ # TLS1.3
+ "TLS_AES_128_GCM_SHA256"
+ "TLS_CHACHA20_POLY1305_SHA256"
+ "TLS_AES_256_GCM_SHA384"
+ # TLS1.2
+ "ECDHE-ECDSA-AES128-GCM-SHA256"
+ "ECDHE-ECDSA-CHACHA20-POLY1305"
+ "ECDHE-ECDSA-AES256-GCM-SHA384"
+ ]
+ }
 ssl_curve_list = X25519MLKEM768:X25519:prime256v1:secp384r1
 service lmtp {
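Review bot: The TLS 1.2 part of the new `ssl_cipher_list` contains only `ECDHE-ECDSA-*` suites, so a server whose certificate has an RSA key would have no usable TLS 1.2 cipher and any client that cannot negotiate TLS 1.3 would fail the handshake; the certificate's key type is not visible in this hunk, so this should be checked against every certificate scheme the module supports. If RSA certificates must keep working, add the counterparts `"ECDHE-RSA-AES128-GCM-SHA256"`, `"ECDHE-RSA-CHACHA20-POLY1305"` and `"ECDHE-RSA-AES256-GCM-SHA384"`; otherwise state the ECDSA-certificate requirement in a comment above the list. The three `TLS_*` entries under `# TLS1.3` are probably inert here, because OpenSSL configures TLS 1.3 suites separately from the cipher list and Dovecot exposes that through `ssl_cipher_suites`; moving them to `ssl_cipher_suites = TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384` would make the stated intent effective, assuming the packaged Dovecot version supports that setting. The surrounding configuration string starts and ends outside the hunk.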