diff --git a/mail-server/dovecot.nix b/mail-server/dovecot.nix
index 6248351..13f68bb 100644
--- a/mail-server/dovecot.nix
+++ b/mail-server/dovecot.nix
@@ -368,7 +368,19 @@ in
 ssl = required
 ssl_min_protocol = TLSv1.2
 ssl_prefer_server_ciphers = no
- ssl_curve_list = X25519:prime256v1:secp384r1
+ ssl_cipher_list = ${
+ lib.concatStringsSep ":" [
+ # TLS1.3
+ "TLS_AES_128_GCM_SHA256"
+ "TLS_CHACHA20_POLY1305_SHA256"
+ "TLS_AES_256_GCM_SHA384"
+ # TLS1.2
+ "ECDHE-ECDSA-AES128-GCM-SHA256"
+ "ECDHE-ECDSA-CHACHA20-POLY1305"
+ "ECDHE-ECDSA-AES256-GCM-SHA384"
+ ]
+ }
+ ssl_curve_list = X25519MLKEM768:X25519:prime256v1:secp384r1
 service lmtp {
 unix_listener dovecot-lmtp {
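Review bot: The TLS 1.2 entries added to `ssl_cipher_list` are all `ECDHE-ECDSA-*`, so a deployment whose certificate has an RSA key would leave TLS 1.2 clients with no shared cipher; the hunk does not show which key types the module accepts. If RSA certificates are supported, add `"ECDHE-RSA-AES128-GCM-SHA256"`, `"ECDHE-RSA-CHACHA20-POLY1305"` and `"ECDHE-RSA-AES256-GCM-SHA384"`, otherwise state the requirement with a comment such as `# ECDSA-only: the server certificate must use an ECDSA key`. As far as I know Dovecot applies `ssl_cipher_list` only to TLS 1.2 and below and takes TLS 1.3 suites from `ssl_cipher_suites`, so the three `TLS_*` names probably have no effect where they are. `X25519MLKEM768` in `ssl_curve_list` needs an OpenSSL build that knows that group, which is worth confirming for the packaged Dovecot since an unknown group name may stop the service from loading its TLS settings. The surrounding configuration string starts and ends outside this hunk.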