> On 2019-10-28 15:36, Aki Tuomi wrote: > Also, you could try the *default* cipher list (unset ssl_cipher_list), which is reasonable. Also make sure you have 'ssl_prefer_server_ciphers=yes', so that the server-side priority list is used. setting ssl_prefer_server_ciphers=yes did the trick. Now my imap client uses ECDHE-RSA-AES256-SHA many thanks,