Specify TLSv1.3 as the only TLS version

[xtzws]

Hello,

I try and score 100% on the internet.nl mail test and they've recently marked several TLSv1.2 cipher suites as phase-out or insufficient which drops the overall score. Is there somewhere I can specify my own cipher suites or TLSv1.3 as the minimum TLS version?

I saw I could specify my own DH groups, but all groups are marked phase-out or insufficient as well. And specifying 1.3 didn't work in mailserver.env for TLS_LEVEL, unless I had the wrong syntax. Any help is appreciated!

[polarathene]

This answer provides context for why I discourage chasing scores without understanding the risk of doing so.

You should be fine however setting TLS 1.3 as the minimum if you're only dealing with modern mail servers and clients. However keep in mind you're reducing compatibility in favor of a score, DMS has you covered with secure TLS 1.2 cipher suite config (feel free to read through my lengthy audit from 2020-2021 linked below if you need assurance on that).

specifying 1.3 didn't work in mailserver.env for TLS_LEVEL, unless I had the wrong syntax.

The DMS ENV TLS_LEVEL details what values are supported (modern (default), or intermediate).

The modern level ciphersuites all use AEAD ciphers, which makes them quite secure.

This feature only applies to client ports such as:

• SMTP submission(s): 587 (StartTLS) / 465 (TLS)
• IMAP: 143 (StartTLS) / 993 (TLS)
• POP3: 110 (StartTLS) / 995 (TLS)

Those are all ports your mail client can interact with to retrieve mail or submit it to be sent. Security matters for these ports the most.

Port 25 (StartTLS) where mail is delivered to DMS from external mail servers is more relaxed and permits a wider set of cipher suites.

• That list is still quite secure (In 2020 I did a full audit on the TLS security in DMS and a follow-up in 2021) where DMS ensures insecure ciphersuites and TLS protocols are excluded AFAIK.
• Port 25 does not require TLS to be established for mail to be delivered to DMS (unless MTA-STS is used which ensures if TLS was used once by the client it'll be expected again in future transactions). IIRC it is expected to permit plain-text delivery if the client cannot negotiate TLS via StartTLS for some reason, this also ensures that you can receive the mail from the client and since SMTP is not exactly secure (there can be multiple hops between servers before this final transaction to DMS, thus you cannot ensure TLS was used throughout the journey), this is acceptable.

---

I try and score 100% on the internet.nl mail test and they've recently marked several TLSv1.2 cipher suites as phase-out or insufficient which drops the overall score.

These services tend to be more of a guide for those that lack expertise to know better. I want to place emphasis on as a guide because chasing a perfect score does not necessarily mean it's the best, especially if the test is generic.

Here's various examples to demonstrate what I mean:

• Confused about TLSv1.2+TLSv1.3 vs. TLSv1.3 only. ssllabs/ssllabs-scan#815 (comment) (TLS 1.3 only gets weaker grade due to no fallback to TLS 1.2)
• Flag certificate sizes less than 3072 as red or yellow. testssl/testssl.sh#2245 (comment) (RSA 2048-bit is still very secure, NIST or similar however raise this and some deployments must satisfy compliance for the sake of it)
• Clarify or improve STARTLS check for "Encryption via STARTTLS is not mandatory (opportunistic)." testssl/testssl.sh#1734 (comment) (Flagged grade F only because of StartTLS used correctly on port 25)
• PrioritizeChaCha detection testssl/testssl.sh#1733 (comment) (awareness of client type and server vs client preference order if all ciphersuites are PFS)
• Relax recommendation on cipher order testssl/testssl.sh#1311 (comment) (getting flagged for using client preference when it's safe to do so when only offering AEAD ciphersuites)
• BEAST should only apply to HTTPS testssl/testssl.sh#1740 (comment) (flagging vulnerability without protocol awareness)
• Weak algorythms merits a pefect score ? ssllabs/ssllabs-scan#807 (comment) (user complains about an A+ score despite only TLS 1.2 offered with weaker ciphersuites like those using CBC, yet they're technically secure)

From the above are also comments of mine (1, 2) emphasizing on the fact not to chase scores but use such scanning tools/services as a guide for awareness of what may be wrong and looking into that. As shown from the cited links above the scores themselves from such tools aren't necessarily accurate or reliable depending on context.

---

I saw I could specify my own DH groups

Yes there is support to customize them, but you're generally advised not to (especially if you don't know what you're doing). Despite standardized groups being used by a large number of servers, these start at 2048-bit and as a result are quite secure like I mentioned with RSA 2048-bit.

In fact TLS 1.3 does have the ability to use DHE and forbids custom groups, instead using the standardized ones (RFC 7919). OpenSSL for example provides this (although I think there was a recent change related to such support, I can't recall if that was TLS 1.2 or TLS 1.3... I think it was to allow TLS 1.2 to leverage standardized groups implicitly without providing them to OpenSSL).

EDIT: Ah here is a comment from the Postfix maintainer at OpenSSL about using RFC 7919 groups for TLS 1.2 (despite the later history in that thread, that was resolved and should be included in the OpenSSL 4.0 release (April 2026)).

NOTE: DMS will eventually remove DHE cipher suites (with docs for manually restoring support). If users require that for older clients, but it should mostly be irrelevant these days AFAIK (I don't keep track of SMTP ciphersuite negotiations or manage a mail server myself, but by now I'd hope most clients are capable of TLS 1.3 or the older TLS 1.2 cipher suites).

[polarathene]

Any help is appreciated!

Here is the short and sweet advice that should work for you via a compose.yaml reference.

Be aware what you've asked for isn't officially supported, so when upgrading DMS in future do pay extra attention to our changelog (as this advice is not officially supported, such breakage may not be as obvious). It's possible a future release breaks the advised solution (generally I try to enable users to customize and have control, but that sometimes conflicts with DMS scripts and expectations of what DMS has authority over).

Adapt the following reference to your own compose.yaml:

services:
  dms:
    image: ghcr.io/docker-mailserver/docker-mailserver:15.1
    hostname: mail.example.test
    environment:
      # Workaround - Prevent DMS from undoing your custom changes for forcing TLS 1.3:
      # (NOTE: May break in future image upgrade)
      TLS_LEVEL: CUSTOM
      # You must set this to a valid value to leverage TLS (otherwise TLS is disabled by default):
      # https://docker-mailserver.github.io/docker-mailserver/v15.1/config/environment/#ssl_type
      SSL_TYPE: letsencrypt
    # These are embedded configs in `compose.yaml`, you can use `volumes` instead if you prefer:
    configs:
      - source: overrides-postfix
        target: /tmp/docker-mailserver/postfix-main.cf
      - source: overrides-dovecot
        target: /tmp/docker-mailserver/dovecot.cf

# Using the Docker Compose `configs.content` feature instead of volume mounting separate files.
# NOTE: This feature requires Docker Compose v2.23.1 (Nov 2023) or newer:
# https://github.com/compose-spec/compose-spec/pull/446
configs:
  overrides-postfix:
    content: |
      smtpd_tls_protocols = >=TLSv1.3
      smtpd_tls_mandatory_protocols = >=TLSv1.3
      smtp_tls_protocols = >=TLSv1.3

  overrides-dovecot:
    content: |
      ssl_min_protocol = TLSv1.3

NOTE: You possibly don't need or care about the smtp_tls_protocols line. Your testing service is unlikely to report on that?

• It affects outgoing connections, similar to incoming connections if both ends don't support TLS 1.3 the connection will fallback to plain-text (unencrypted) as is expected for port 25.
• If you want both incoming and outgoing traffic on port 25 to have broader compatibility with secure ciphers, you could allow TLS 1.2?
  • TLS is optional for this port to ensure delivery, nor can you guarantee it was encrypted for the full transit (SMTP TLS doesn't work like HTTPS, there can be multiple hops out of your control).
  • Modern MTAs should use TLS 1.3 by default regardless, there is a possibility someone sends mail from a very old system running their own mail server that lacks TLS 1.3 support.
  • Any attacker wanting to avoid TLS 1.3 would just prevent the TLS negotiation to fallback to plain-text on port 25, as TLS is not mandatory.
• If you only care about the ports your users of DMS connect to with mail clients like Thunderbird, then you only need to set smtpd_tls_mandatory_protocols (Postfix, ports: 587/465) + ssl_min_protocol (Dovecot, ports 110/995 + 143/993) to enforce TLS 1.3.
  • These ports are highly likely to receive connections from systems with TLS 1.3 support. Much easier to ensure and control/enforce for a deployment with your users.
  • These ports also all require authentication with credentials (unlike port 25), DMS enforces TLS (assuming you've set SSL_TYPE) so that even the StartTLS ports cannot fallback to plain-text and are rejected when TLS cannot be negotiated.

Full explanation

If you still insist on this, the relevant settings to modify are here:

docker-mailserver/target/postfix/main.cf

Lines 43 to 46 in 4257c15

	smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
	smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
	smtpd_tls_mandatory_ciphers = high
	smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1

docker-mailserver/target/dovecot/10-ssl.conf

Lines 53 to 55 in 4257c15

	# Minimum SSL protocol version to use. Potentially recognized values are SSLv3,
	# TLSv1, TLSv1.1, and TLSv1.2, depending on the OpenSSL version used.
	ssl_min_protocol = TLSv1.2

Postfix 3.6+ can use simpler syntax (DMS v15.1 provides Postfix 3.7, our config just hasn't been updated to the newer syntax yet):

# Inbound connections (port 25, mandatory is for ports 587 and 465):
smtpd_tls_protocols = >=TLSv1.3
smtpd_tls_mandatory_protocols = >=TLSv1.3

# Outbound connections (DMS sending mail to another mail server):
# Warning: This means if the MTA DMS connects to doesn't support TLS 1.3, you'll likely fallback to unencrypted.
smtp_tls_protocols = >=TLSv1.3

Dovecot ssl_min_protocol (this setting was not renamed in the Dovecot 2.4 upgrade included in the upcoming DMS v16 release, so updating DMS should go smoothly once that's released):

ssl_min_protocol = TLSv1.3

Apply the above with our user-patches.sh feature,

However... our check-for-changes.sh service (when detecting an updated TLS cert for DMS) will presently call _setup_ssl(), which will replace your related user-patches.sh changes during runtime:

docker-mailserver/target/scripts/helpers/ssl.sh

Lines 87 to 104 in 4257c15

	function _apply_tls_level() {
	local TLS_CIPHERS_ALLOW=$1
	local TLS_PROTOCOL_IGNORE=$2
	local TLS_PROTOCOL_MINIMUM=$3
	# Postfix configuration
	sed -i -r \
	-e "s|^(smtpd?_tls_mandatory_protocols =).*|\1 ${TLS_PROTOCOL_IGNORE}|" \
	-e "s|^(smtpd?_tls_protocols =).*|\1 ${TLS_PROTOCOL_IGNORE}|" \
	-e "s|^(tls_high_cipherlist =).*|\1 ${TLS_CIPHERS_ALLOW}|" \
	"${POSTFIX_CONFIG_MAIN}"
	# Dovecot configuration (secure by default though)
	sed -i -r \
	-e "s|^(ssl_min_protocol =).*|\1 ${TLS_PROTOCOL_MINIMUM}|" \
	-e "s|^(ssl_cipher_list =).*|\1 ${TLS_CIPHERS_ALLOW}|" \
	"${DOVECOT_CONFIG_SSL}"
	}

Presently it looks like you can workaround this by adding the TLS_LEVEL ENV with an unsupported value:

docker-mailserver/target/scripts/helpers/ssl.sh

Lines 133 to 157 in 4257c15

	# TLS strength/level configuration
	case "${TLS_LEVEL}" in
	( "modern" )
	local TLS_MODERN_SUITE='ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'
	local TLS_MODERN_IGNORE='!SSLv2,!SSLv3,!TLSv1,!TLSv1.1'
	local TLS_MODERN_MIN='TLSv1.2'
	_apply_tls_level "${TLS_MODERN_SUITE}" "${TLS_MODERN_IGNORE}" "${TLS_MODERN_MIN}"
	_log 'debug' "TLS configured with 'modern' ciphers"
	;;
	( "intermediate" )
	local TLS_INTERMEDIATE_SUITE='ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256'
	local TLS_INTERMEDIATE_IGNORE='!SSLv2,!SSLv3,!TLSv1,!TLSv1.1'
	local TLS_INTERMEDIATE_MIN='TLSv1.2'
	_apply_tls_level "${TLS_INTERMEDIATE_SUITE}" "${TLS_INTERMEDIATE_IGNORE}" "${TLS_INTERMEDIATE_MIN}"
	_log 'debug' "TLS configured with 'intermediate' ciphers"
	;;
	( * )
	_log 'warn' "TLS_LEVEL '${TLS_LEVEL}' not valid"
	;;

To my knowledge, that'd be more problematic with TLS 1.2 (if we had to consider changing the cipher suites), but with TLS 1.3 since that's no longer relevant, I think you'll be alright. AFAIK that seems to be the only relevant DMS logic affecting the TLS level config for both the Postfix and Dovecot services 👍