diff --git a/src/compat/config.c b/src/compat/config.c
index 746b46a..9ce9a98 100644
--- a/src/compat/config.c
+++ b/src/compat/config.c
@@ -316,9 +316,10 @@ write_imap_server( FILE *fp, config_t *cfg )
 if (cfg->pass)
 fprintf( fp, "Pass %s\n", quotify( cfg->pass ) );
 fprintf( fp, "RequireCRAM %s\nRequireSSL %s\n"
- "UseSSLv2 %s\nUseSSLv3 %s\nUseTLSv1 %s\n",
+ "UseSSLv2 %s\nUseSSLv3 %s\nUseTLSv1 %s\nUseTLSv1.1 %s\nUseTLSv1.2 %s\n",
 tb(cfg->require_cram), tb(cfg->require_ssl),
- tb(cfg->use_sslv2), tb(cfg->use_sslv3), tb(cfg->use_tlsv1) );
+ tb(cfg->use_sslv2), tb(cfg->use_sslv3),
+ tb(cfg->use_tlsv1), tb(cfg->use_tlsv1), tb(cfg->use_tlsv1) );
 if ((cfg->use_imaps || cfg->use_sslv2 || cfg->use_sslv3 || cfg->use_tlsv1) &&
 cfg->cert_file)
 fprintf( fp, "CertificateFile %s\n", quotify( cfg->cert_file ) );
diff --git a/src/compat/isync.1 b/src/compat/isync.1
index fb9900f..aad06aa 100644
--- a/src/compat/isync.1
+++ b/src/compat/isync.1
@@ -278,7 +278,7 @@ Should \fBisync\fR use SSLv3 for communication with the IMAP server over SSL?
 ..
 .TP
 \fBUseTLSv1\fR \fIyes\fR|\fIno\fR
-Should \fBisync\fR use TLSv1 for communication with the IMAP server over SSL?
+Should \fBisync\fR use TLSv1.x for communication with the IMAP server over SSL?
 (Default: \fIyes\fR)
 ..
 .TP
diff --git a/src/drv_imap.c b/src/drv_imap.c
index 3d66243..7aacb95 100644
--- a/src/drv_imap.c
+++ b/src/drv_imap.c
@@ -2767,7 +2767,7 @@ imap_parse_store( conffile_t *cfg, store_conf_t **storep )
 arg += 6;
 server->ssl_type = SSL_IMAPS;
 if (server->sconf.ssl_versions == -1)
- server->sconf.ssl_versions = SSLv2 | SSLv3 | TLSv1;
+ server->sconf.ssl_versions = SSLv2 | SSLv3 | TLSv1 | TLSv1_1 | TLSv1_2;
 } else
 #endif
 if (starts_with( arg, -1, "imap:", 5 ))
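Review bot: In src/compat/config.c the rewritten `fprintf` call passes `tb(cfg->use_tlsv1)` three times, so the single legacy UseTLSv1 switch now decides UseTLSv1, UseTLSv1.1 and UseTLSv1.2 together, and nothing in the code says this is deliberate. The isync.1 wording change to "TLSv1.x" in the same commit suggests it is, so a comment above the call would stop it reading as a copy-paste slip, e.g. `/* The legacy UseTLSv1 option stands for all TLS 1.x versions. */`. The comment should also state the consequence that a legacy `UseTLSv1 no` turns off TLS 1.1 and 1.2 as well, leaving only what UseSSLv2/UseSSLv3 allow. The body of write_imap_server starts and ends outside the hunk.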
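Review bot: The `imaps:` default in the src/drv_imap.c hunk at line 2767 still ORs in `SSLv2 | SSLv3`, while the STARTTLS default in the hunk at line 2930 is TLS-only and the mbsync.1 hunk documents the default as TLSv1, TLSv1.1 and TLSv1.2. Both SSL versions are broken protocols, and leaving them in an implicit default presumably keeps connections that never asked for them open to a protocol downgrade; how the mask is applied during negotiation is not visible here. Unless there is a compatibility reason outside this hunk, the line could read `server->sconf.ssl_versions = TLSv1 | TLSv1_1 | TLSv1_2;`, with SSLv2/SSLv3 reachable only through an explicit setting. If the wider set is kept, the man page should state that the imaps: default differs. imap_parse_store continues outside the hunk.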
@@ -2930,7 +2930,7 @@ imap_parse_store( conffile_t *cfg, store_conf_t **storep ) } } else { if (server->sconf.ssl_versions < 0) - server->sconf.ssl_versions = TLSv1; /* Most compatible and still reasonably secure. */ + server->sconf.ssl_versions = TLSv1 | TLSv1_1 | TLSv1_2; if (server->ssl_type < 0) server->ssl_type = server->sconf.tunnel ? SSL_None : SSL_STARTTLS; } diff --git a/src/mbsync.1 b/src/mbsync.1 index 51f356a..d2d5bd8 100644 --- a/src/mbsync.1 +++ b/src/mbsync.1 @@ -337,8 +337,8 @@ right after connecting the secure IMAP port 993. Select the acceptable SSL/TLS versions. Use of SSLv2 is strongly discouraged for security reasons, but might be the only option on some very old servers. -Generally, the newest TLS version is recommended, but as this confuses some -servers, \fBTLSv1\fR is the default. +Use old versions only when the server has problems with newer ones. +(Default: [\fBTLSv1\fR] [\fBTLSv1.1\fR] [\fBTLSv1.2\fR]). .. .TP \fBSystemCertificates\fR \fByes\fR|\fBno\fR
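Review bot: In the src/drv_imap.c hunk at line 2930 the replaced default assignment loses the only comment that explained the choice, and the new line `server->sconf.ssl_versions = TLSv1 | TLSv1_1 | TLSv1_2;` carries none. A short rationale would show the next reader that SSLv2 and SSLv3 are left out of this default on purpose, e.g. `/* All TLS 1.x versions; SSLv2/SSLv3 only when configured explicitly. */`. The enclosing branch of imap_parse_store starts and ends outside the hunk, so the comment should be checked against the condition that selects this `else`.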