Hi all,

I'm trying to set up my server with support for TLS 1.3 only, but that does not seem to be supported.

First off, TLS 1.3 itself does work fine, so it's not the config or ssl library, and 1.3-only works fine with Postfix. The problem is only in disabling TLS 1.2 for Dovecot.

On connection, I'm getting an error that 1.3 is an "Unknown ssl_min_protocol setting".

Reading the source code, it seems that `openssl_min_protocol_to_options` in `src/lib-ssl-iostream/iostream-openssl-common.c` is simply missing an entry like

{ SSL_TXT_TLSV1_3, TLS1_3_VERSION, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 }

Is this a bug, something intentional, or has it simply not been added yet because nobody has been crazy enough to ask for it?

Kind regards,

Laurens