diff --git a/docs/rolereference.rst b/docs/rolereference.rst index ca20f083cedd3eabdd6bdc97ca671e16ca8c7504..0898c344e1f6522523bb659e975a94bc3e7a090b 100644 --- a/docs/rolereference.rst +++ b/docs/rolereference.rst 
@@ -1169,19 +1169,27 @@ Parameters **mail_server_minimum_tls_protocol** (string, optional, ``"TLSv1.2"``) Minimum version of TLS protocol to allow when connecting to SMTP submission port or IMAP. Value should be compatible with Dovecot's - ``ssl_protocols`` configuration option. + ``ssl_protocols`` and ``smtpd_tls_mandatory_protocols`` + configuration options. Older versions of TLS protocol (TLSv1.1 and + lower) are not fully supported by the role, and additional + configuration is required on the server to weaken the OpenSSL + security policies. **mail_server_smtp_additional_configuration** (string, optional, ``""``)) Additional configuration directives to include in SMTP server main configuration file. Directives must be specifically compatible with Postfix, and are treated verbatim (multi-line string will suffice). -**mail_server_tls_ciphers** (string, optional ``DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:!aNULL:!MD5:!EXPORT``) - TLS ciphers to enable on the mail server (for IMAP and SMTP submission). This - should be an OpenSSL-compatible cipher specification. Value should be - compatible with Postfix configuration option ``tls_high_cipherlist`` and - Dovecot configuration option ``ssl_cipher_list``. Default value allows only - TLSv1.2 and strong PFS ciphers. +**mail_server_tls_ciphers** (string, optional ``DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:!aNULL:!MD5:!EXPORT``) + TLS ciphers to enable on the mail server (for IMAP and SMTP + submission). This should be an OpenSSL-compatible cipher + specification. Value should be compatible with Postfix configuration + option ``tls_high_cipherlist`` and Dovecot configuration option + ``ssl_cipher_list``. 
Default value allows TLSv1.2 with strong PFS + ciphers and RSA private keys. Ciphers listed for use with TLSv1.3 + (``TLS_*`` ones) are mandated by relevant standards, and cannot be + disabled if TLSv1.3 is enabled. The TLSv1.3 ciphers are included in + this list for completeness' sake. **mail_user** (string, optional, ``vmail``) Name of the user that owns all the mail files.
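Review bot: ``smtpd_tls_mandatory_protocols`` is a Postfix parameter, not a Dovecot one, so the new sentence under **mail_server_minimum_tls_protocol** ("compatible with Dovecot's ``ssl_protocols`` and ``smtpd_tls_mandatory_protocols`` configuration options") misattributes it; suggest "compatible with Dovecot's ``ssl_protocols`` and Postfix's ``smtpd_tls_mandatory_protocols`` configuration options" so readers know which daemon each value is validated against. Two smaller points in the same hunk: the rewritten **mail_server_tls_ciphers** signature still reads "(string, optional ``DHE-RSA-...``)" with no comma after "optional", unlike the other parameters, and the paragraph about the ``TLS_*`` suites says they "cannot be disabled" and are listed "for completeness' sake" but does not say whether Postfix's ``tls_high_cipherlist`` and Dovecot's ``ssl_cipher_list`` actually honour those names or silently ignore them; a sentence stating that TLSv1.3 suites are governed by the servers' own TLSv1.3 settings rather than by this list would stop users from assuming they can tune TLSv1.3 here.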