diff --git a/contriborbase b/contriborbase
deleted file mode 100644
index ef36a67..0000000
--- a/contriborbase
+++ /dev/null
@@ -1 +0,0 @@
-sme10
diff --git a/root/etc/e-smith/db/configuration/migrate/dovecot b/root/etc/e-smith/db/configuration/migrate/dovecot
index 41ada24..3c7717d 100644
--- a/root/etc/e-smith/db/configuration/migrate/dovecot
+++ b/root/etc/e-smith/db/configuration/migrate/dovecot
@@ -7,5 +7,9 @@
  foreach my $prope (qw( SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 dh )) {
   $DB->get_prop_and_delete('dovecot', $prope) if (exists $dovecot{$prope});
  }
+ # drop SSLv2 from ssl_min_protocol
+  foreach my $prope (qw( SSLv2 )) {
+  $DB->get_prop_and_delete('dovecot', 'ssl_min_protocol') if (exists $dovecot{'ssl_min_protocol'} && $dovecot{'ssl_min_protocol'} eq $prope);
+ }
 
 }
diff --git a/root/etc/e-smith/templates/etc/dovecot/dovecot.conf/35ssl b/root/etc/e-smith/templates/etc/dovecot/dovecot.conf/35ssl
index 2d88165..82930c8 100644
--- a/root/etc/e-smith/templates/etc/dovecot/dovecot.conf/35ssl
+++ b/root/etc/e-smith/templates/etc/dovecot/dovecot.conf/35ssl
@@ -2,13 +2,11 @@ ssl = {$OUT .= ( (($imaps{'status'} || 'enabled') eq 'enabled') || (($pops{'stat
 ssl_cert = </etc/dovecot/ssl/imapd.pem
 ssl_key = </etc/dovecot/ssl/imapd.pem
 {
-
-my %protos={SLv3=>1,TLSv1=>1, TLSv1.1=>1, TLSv1.2=>1,TLSv1.3=>1};
-my $proto = ( (exists $dovecot{'ssl_min_protocol'} ) && (exists $protos{$dovecot{'ssl_min_protocol'}} ) ) ? $dovecot{'ssl_min_protocol'} : 'TLSv1.2';
+use esmith::ssl;
+my $proto = ( (exists $dovecot{'ssl_min_protocol'} ) && (exists $existingSSLprotos{$dovecot{'ssl_min_protocol'}} ) ) ? $dovecot{'ssl_min_protocol'} : SSLprotoMin();
 
 $OUT .= "ssl_dh=</etc/dovecot/ssl/dhparam.pem\n";
 $OUT .= "ssl_min_protocol = $proto\n" if ($proto ne '');
 $OUT .= "ssl_prefer_server_ciphers = yes\n";
-$OUT .= "ssl_cipher_list = " . ($dovecot{CipherSuite} || $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4') . "\n";
-
+$OUT .= "ssl_cipher_list = " . ($dovecot{CipherSuite} || $modSSL{CipherSuite} || $smeCiphers ). "\n";
 }
diff --git a/smeserver-dovecot.spec b/smeserver-dovecot.spec
index 6d89861..86e44e6 100644
--- a/smeserver-dovecot.spec
+++ b/smeserver-dovecot.spec
@@ -1,5 +1,5 @@
 %define version 11.0.0
-%define release 13
+%define release 14
 %define name smeserver-dovecot
 
 
@@ -41,6 +41,11 @@ Configure the dovecot IMAP server with sieve scripts support,
 quota, ACL, extended logging, master user
 
 %changelog
+* Sat Jan 18 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-14.sme
+- use esmith::ssl to set ciphers and protocol [SME: 12821]
+  improve cipher order to get strongers first
+  drop SSLv2
+
 * Mon Oct 21 2024 John Crisp <jcrisp@safeandsoundit.co.uk> 11.0.0-13.sme
 - use INDEXPVT instead of INDEX for shared mailboxes [SME: 12150]