diff --git a/en_US/upgrade/0-upgrade.iredmail.1.4.2-1.4.3.md b/en_US/upgrade/0-upgrade.iredmail.1.4.2-1.4.3.md
index a1cd36e8..3c44c748 100644
--- a/en_US/upgrade/0-upgrade.iredmail.1.4.2-1.4.3.md
+++ b/en_US/upgrade/0-upgrade.iredmail.1.4.2-1.4.3.md
@@ -79,3 +79,15 @@ ssl_session_cache shared:SSL:10m;
 ```
 
 Restarting Nginx service is required.
+
+### Dovecot: enable new ssl cipher `EECDH+CHACHA20` and remove the weak one `AES256+EDH`
+
+Please open file `/etc/dovecot/dovecot.conf` (Linux/OpenBSD) or
+`/usr/local/etc/dovecot/dovecot.conf` (FreeBSD), update parameter
+`ssl_cipher_list` to:
+
+```
+ssl_cipher_list = EECDH+CHACHA20:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH
+```
+
+Restarting Dovecot service is required.