From 950f2955491954d6e9baea85ccbd74362a2771e6 Mon Sep 17 00:00:00 2001
From: Zhang Huangbin <zhb@iredmail.org>
Date: Wed, 15 Sep 2021 11:06:11 +0800
Subject: [PATCH] Update ssl_cipher_list in Dovecot config file.

---
 en_US/upgrade/0-upgrade.iredmail.1.4.2-1.4.3.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/en_US/upgrade/0-upgrade.iredmail.1.4.2-1.4.3.md b/en_US/upgrade/0-upgrade.iredmail.1.4.2-1.4.3.md
index a1cd36e8..3c44c748 100644
--- a/en_US/upgrade/0-upgrade.iredmail.1.4.2-1.4.3.md
+++ b/en_US/upgrade/0-upgrade.iredmail.1.4.2-1.4.3.md
@@ -79,3 +79,15 @@ ssl_session_cache shared:SSL:10m;
 ```
 
 Restarting Nginx service is required.
+
+### Dovecot: enable new ssl cipher `EECDH+CHACHA20` and remove the weak one `AES256+EDH`
+
+Please open file `/etc/dovecot/dovecot.conf` (Linux/OpenBSD) or
+`/usr/local/etc/dovecot/dovecot.conf` (FreeBSD), update parameter
+`ssl_cipher_list` to:
+
+```
+ssl_cipher_list = EECDH+CHACHA20:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH
+```
+
+Restarting Dovecot service is required.