That looks like a good start, but can we drop even more? DES? Camellia? IDEA? MD5?

Good start my ass, you haven't actually tried any of your "suggestions," have you?

no-md5 doesn't currently work:

    "_EVP_md5", referenced from ...

no-des doesn't currently work either, the following test fails the build:

    enveloped content test streaming S/MIME format, 3 recipients: generation error

