From 284a1e404171b0768514badf0b807e6d617456ea Mon Sep 17 00:00:00 2001
From: Jakub Skokan <jakub.skokan@havefun.cz>
Date: Wed, 28 Oct 2020 21:41:00 +0100
Subject: [PATCH] Allow TLSv1 for compatibility with older devices

---
 mail-server/dovecot.nix | 2 +-
 mail-server/postfix.nix | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/mail-server/dovecot.nix b/mail-server/dovecot.nix
index 56cebf2..4cb0207 100644
--- a/mail-server/dovecot.nix
+++ b/mail-server/dovecot.nix
@@ -307,7 +307,7 @@ in
 
         mail_access_groups = ${vmailGroupName}
         ssl = required
-        ssl_min_protocol = TLSv1.2
+        ssl_min_protocol = TLSv1
         ssl_prefer_server_ciphers = no
 
         service lmtp {
diff --git a/mail-server/postfix.nix b/mail-server/postfix.nix
index d1c59b2..c37face 100644
--- a/mail-server/postfix.nix
+++ b/mail-server/postfix.nix
@@ -271,10 +271,10 @@ in
         smtpd_tls_security_level = "may";
 
         # Disable obselete protocols
-        smtpd_tls_protocols = "TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
-        smtp_tls_protocols = "TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
-        smtpd_tls_mandatory_protocols = "TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
-        smtp_tls_mandatory_protocols = "TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
+        smtpd_tls_protocols = "TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, !SSLv2, !SSLv3";
+        smtp_tls_protocols = "TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, !SSLv2, !SSLv3";
+        smtpd_tls_mandatory_protocols = "TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, !SSLv2, !SSLv3";
+        smtp_tls_mandatory_protocols = "TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, !SSLv2, !SSLv3";
 
         smtp_tls_ciphers = "high";
         smtpd_tls_ciphers = "high";