TLS cipher preference - yes or no or both?
20 Nov 2025, 5:12 p.m.
Hello list,
In the latest Dovecot docs I read:
For TLSv1.3 server ciphers should not longer be preferred:
ssl_server_prefer_ciphers = client
Source: https://doc.dovecot.org/2.4.2/core/config/ssl.html
I am not so much wondering why TLS 1.3 should no longer have server preference enabled; I am wondering HOW one can set server preference to 'yes' for TLS <= 1.2, and to 'no' for TLS 1.3+.
If this is not possible, which setting would be preferred? Would setting it to 'yes' break something with TLS 1.3, or would it be safe to leave it on 'yes' despite the docs (here, I suppose, I am asking for a bit of clarification on the 'why' of this change)?
Thank you for enlightening me!
Kind regards, Edmund
-- Edmund Lodewijks <edmund@proteamail.com> TZ: UCT+2 / GMT+2