Hello,

it seems that the default value for ssl_min_protocol has changed from
TLSv1 to TLSv1.2, right?

After upgrading to v2.3.15 and with ssl_min_protocol commented out, the
server no longer offers TLSv1 and TLSv1.1.

This is a good idea, but should be documented.

Yeah, looks like we forgot about that. It's a bit too late to change the NEWS anymore, but added it at least to https://doc.dovecot.org/installation_guide/upgrading/from-2.3-to-2.3.x/