It seems odd to say my SSL client is "bad" because it supports ciphers that are bad along with ciphers that are better. That will only be an issue if that's all the server supports, and they can't actually think that downgrading to plaintext in that situation would be "better", can they? (Then again maybe they can -- exim used to downgrade to plaintext if it didn't trust the cert...)