From 7b88bf6d0cfcc03010954be09b16092310f6c55e Mon Sep 17 00:00:00 2001
From: Jakub Skokan <jakub.skokan@havefun.cz>
Date: Wed, 28 Oct 2020 21:41:00 +0100
Subject: [PATCH] Allow TLSv1 for compatibility with older devices

---
 mail-server/dovecot.nix | 2 +-
 mail-server/postfix.nix | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/mail-server/dovecot.nix b/mail-server/dovecot.nix
index 18a9262..d5cc03d 100644
--- a/mail-server/dovecot.nix
+++ b/mail-server/dovecot.nix
@@ -192,7 +192,7 @@ in
 
         mail_access_groups = ${vmailGroupName}
         ssl = required
-        ssl_min_protocol = TLSv1.2
+        ssl_min_protocol = TLSv1
         ssl_prefer_server_ciphers = yes
 
         service lmtp {
diff --git a/mail-server/postfix.nix b/mail-server/postfix.nix
index 340122b..999f047 100644
--- a/mail-server/postfix.nix
+++ b/mail-server/postfix.nix
@@ -206,10 +206,10 @@ in
         smtpd_tls_eecdh_grade = "ultra";
 
         # Disable obselete protocols
-        smtpd_tls_protocols = "TLSv1.3, TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
-        smtp_tls_protocols = "TLSv1.3, TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
-        smtpd_tls_mandatory_protocols = "TLSv1.3, TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
-        smtp_tls_mandatory_protocols = "TLSv1.3, TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
+        smtpd_tls_protocols = "TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, !SSLv2, !SSLv3";
+        smtp_tls_protocols = "TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, !SSLv2, !SSLv3";
+        smtpd_tls_mandatory_protocols = "TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, !SSLv2, !SSLv3";
+        smtp_tls_mandatory_protocols = "TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, !SSLv2, !SSLv3";
 
         smtp_tls_ciphers = "high";
         smtpd_tls_ciphers = "high";