From af9fc4c5194aeddbcbabade812527da7a262e4b9 Mon Sep 17 00:00:00 2001
From: Jakub Skokan <jakub.skokan@havefun.cz>
Date: Wed, 28 Oct 2020 21:41:00 +0100
Subject: [PATCH] Allow TLSv1 for compatibility with older devices

---
 mail-server/dovecot.nix | 2 +-
 mail-server/postfix.nix | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/mail-server/dovecot.nix b/mail-server/dovecot.nix
index 75c8b82..b29d8b6 100644
--- a/mail-server/dovecot.nix
+++ b/mail-server/dovecot.nix
@@ -292,7 +292,7 @@ in
           ssl_server_key_file = x509PrivateKeyFile;
           # https://ssl-config.mozilla.org/#server=dovecot&version=2.3.21&config=intermediate&openssl=3.4.1&guideline=5.7
           ssl = "required";
-          ssl_min_protocol = "TLSv1.2";
+          ssl_min_protocol = "TLSv1";
           ssl_server_prefer_ciphers = "client";
           ssl_cipher_list = lib.concatStringsSep ":" [
             # TLS1.3
diff --git a/mail-server/postfix.nix b/mail-server/postfix.nix
index aa02d37..bd5af4a 100644
--- a/mail-server/postfix.nix
+++ b/mail-server/postfix.nix
@@ -392,8 +392,8 @@ in
         smtpd_tls_auth_only = true;
 
         # TLS versions supported for the SMTP server
-        smtpd_tls_protocols = ">=TLSv1.2";
-        smtpd_tls_mandatory_protocols = ">=TLSv1.2";
+        smtpd_tls_protocols = ">=TLSv1";
+        smtpd_tls_mandatory_protocols = ">=TLSv1";
 
         # Require ciphersuites that OpenSSL classifies as "High"
         smtpd_tls_ciphers = "high";