ssl = yes
ssl_cert = </etc/dovecot/ssl/dovecot.cert
ssl_key = </etc/dovecot/ssl/dovecot.key
ssl_min_protocol = TLSv1.2
ssl_cipher_list = ECHACHA20+POLY1305:ECDH+AESGCM:EDH+AESGCM
ssl_prefer_server_ciphers = yes
# openssl dhparam -out /etc/dovecot/ssl/dhparam.pem 4096
ssl_dh = </etc/dovecot/ssl/dhparam.pem