diff --git a/roles/dovecot/templates/local.conf.j2 b/roles/dovecot/templates/local.conf.j2
index 51ce026..6276c88 100644
--- a/roles/dovecot/templates/local.conf.j2
+++ b/roles/dovecot/templates/local.conf.j2
@@ -1,5 +1,5 @@
-# generated 2024-02-14, Mozilla Guideline v5.7, Dovecot 2.3.16, OpenSSL 1.1.1, modern configuration
-# https://ssl-config.mozilla.org/#server=dovecot&version=2.3.16&config=modern&openssl=1.1.1&guideline=5.7
+# generated 2024-12-15, Mozilla Guideline v5.7, Dovecot 2.3.16, OpenSSL 3.2.2, modern config
+# https://ssl-config.mozilla.org/#server=dovecot&version=2.3.16&config=modern&openssl=3.2.2&guideline=5.7
 ssl = required
 
 ssl_cert = <{{ tls_certs }}/{{ mail_server }}-fullchain.crt
@@ -7,6 +7,7 @@ ssl_key = <{{ tls_private }}/{{ mail_server }}.key
 
 ssl_min_protocol = TLSv1.3
 ssl_prefer_server_ciphers = no
+ssl_curve_list = X25519:prime256v1:secp384r1
 
 # kerberos
 auth_gssapi_hostname = "$ALL"