This PR breaks OSX mail client (imap and smtp)

https://discussions.apple.com/thread/7299638?start=0&tstart=0 it's a bit old and I guess Mail doesn't support TLS 1.2
Maybe enabling TLS 1.0 and 1.1 will solve the problem

I tested your suggestion but still having the problem.

TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher,

Oh right it's a cipher problem. Damn it seems Mail uses the system openssl which is secure but outdated.

Could you please post the output of the command

openssl s_client -connect 127.0.0.1:143 -starttls imap

CONNECTED(00000003) 97135:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.60.1/src/ssl/s23_clnt.c:593:

And also you could try setting the ciphers using the Intermediate level (the reference link on the PR)

ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

Seems better.

And if neither the last ciphers list works, we can try using openssl ciphers | sed "s/:/\\n/g" to get so ciphers supported by macos. Then we will insert some of those in the list for both devcot and postfix

You list seems ok with dovecot and postfix.