Carsten,
Since I know there is nothing wrong with the app
I won't be doing *all* the work for you.
But I did post a theory above (about SHA256) and it's consistent with your nmap output.
To complete this line of thought, please open the SSLSocket documentation and try to find any cipher with SHA256 or SHA384 which has "supported" lower than 20+ (API level 20 is Android 5.0). You won't be able to, there are none (unless I'm blind).
Or you can work it in reverse:
The actual list of ciphers enabled by AquaMail on the socket is under "Setting SSL ciphers", you won't find any of your ciphers there.
Or yet another way:
Look at the log under "Hardening reorder", it's a bit hard to pick apart, but it goes like this:
"Hardening reorder:
[list of ciphers supported by the device
], [the list of all ciphers known to AquaMail in hardening order
], [blacklisted ciphers
]"
You will see that none of your server ciphers appear on the supported list.