@doctorow -- Thanks! It was crashing on any device with a phone-sized screen (less than "phabet" sized). Sorry. Fixed:
http://www.aqua-mail.com/download/AquaMail-market-1.3.20.4.apk
Working well now, thanks! Also discovered the Network->SSL hardening option. Turned on didn't immediately change anything; I had to kill the Aqua process and restart it to see the difference in the server log files.
Previous:
Feb 17 15:05:08 mail cyrus/imaps[29999]: SSL_accept() incomplete -> wait
Feb 17 15:05:08 mail cyrus/imaps[29999]: SSL_accept() succeeded -> done
Feb 17 15:05:08 mail cyrus/imaps[29999]: starttls: TLSv1 with cipher AES128-SHA (128/128 bits reused) no authentication
After restart with SSL hardening:
Feb 17 15:05:53 mail cyrus/imaps[29923]: SSL_accept() incomplete -> wait
Feb 17 15:05:53 mail cyrus/imaps[29923]: SSL_accept() succeeded -> done
Feb 17 15:05:53 mail cyrus/imaps[29923]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits reused) no authentication
So AES with 256 bit is now used along with ephemeral Diffie–Hellman for perfect forward secrecy. Same for SMTP, where it now uses ECDHE-RSA-AES256-SHA. Very neat!