Comment 5 for bug 82515

it really looks like Evolution is letting the factory defaults for NSS take over -- which means that, although permitted, most of the high-end encryption suites are not enabled.

I am assuming the ubuntu release of Evolution is using libnss (at least this is what is marked). I have not looked at Evolution with OpenSSL.

In camel.c @ camel_init(), Evolution sets up the use of domestic encryption via a call to NSS_SetDomesticPolicy(), but does not set up the (by default) not enabled ciphersuites, which the Mozilla documentation state as required. This would require calls to SSL_CipherPrefSetDefault() globally, or SSL_CipherPrefSet() on each socket. I cannot find any such calls in the code.

So... it looks that Evolution does need a patch in order to allow high-end ciphersuites to be used. It is missing the necessary setup.

c.f. http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslfnc.html#1214758

Of course, I may be completely wrong, but I do not think so.