From 863c8922231031b66d5b13a320313f46eae5addb Mon Sep 17 00:00:00 2001
From: Jakub Skokan <jakub.skokan@havefun.cz>
Date: Wed, 28 Oct 2020 21:41:00 +0100
Subject: [PATCH] Allow TLSv1 for compatibility with older devices

---
 mail-server/dovecot.nix | 2 +-
 mail-server/postfix.nix | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/mail-server/dovecot.nix b/mail-server/dovecot.nix
index 7d73ee2..c7626c4 100644
--- a/mail-server/dovecot.nix
+++ b/mail-server/dovecot.nix
@@ -250,7 +250,7 @@ in
 
         mail_access_groups = ${vmailGroupName}
         ssl = required
-        ssl_min_protocol = TLSv1.2
+        ssl_min_protocol = TLSv1
         ssl_prefer_server_ciphers = yes
 
         service lmtp {
diff --git a/mail-server/postfix.nix b/mail-server/postfix.nix
index c050736..ef908cb 100644
--- a/mail-server/postfix.nix
+++ b/mail-server/postfix.nix
@@ -278,10 +278,10 @@ in
         smtpd_tls_eecdh_grade = "ultra";
 
         # Disable obselete protocols
-        smtpd_tls_protocols = "TLSv1.3, TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
-        smtp_tls_protocols = "TLSv1.3, TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
-        smtpd_tls_mandatory_protocols = "TLSv1.3, TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
-        smtp_tls_mandatory_protocols = "TLSv1.3, TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
+        smtpd_tls_protocols = "TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, !SSLv2, !SSLv3";
+        smtp_tls_protocols = "TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, !SSLv2, !SSLv3";
+        smtpd_tls_mandatory_protocols = "TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, !SSLv2, !SSLv3";
+        smtp_tls_mandatory_protocols = "TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, !SSLv2, !SSLv3";
 
         smtp_tls_ciphers = "high";
         smtpd_tls_ciphers = "high";