Thank you for telling me that plesk updates don't take into account the existing configuration files of the server.
You could be working in the Fake News Industry as an 'Influencer' with assumptions and supposions like that one...
No, that's not correct and/or you've misunderstood. The example given was the line commencing with
ssl_cipher_list That's because... you can manually edit & specify ciphers within
etc/dovecot/conf.d/11-plesk-security-ssl.conf, as you will no doubt know already. However, Plesk does manage these settings itself, so if... as an example, you have specified a
different set of ciphers globally within Plesk, then that set of ciphers will take priority after a Plesk upgrade over the manually edited set of ciphers that you specifed within
etc/dovecot/conf.d/11-plesk-security-ssl.conf which, will be overwritten. That was the point
You can read more from Plesk about the Plesk settings for this here:
How to enable or disable TLS protocol versions in Plesk for Linux? and then more from Plesk about using
# plesk sbin sslmng for other changes here:
Tune Plesk to Meet PCI DSS on Linux (it's easy to take a quick view of your current Plesk config via
# plesk sbin sslmng --show-config - you'll see Dovecot here) & finally, more about Dovecot config here:
SSL/DovecotConfiguration - Dovecot Wiki