STARTTLS is, technically speaking, a capability that can be spoofed (for clients or users that trust otherwise invalid certificates), and therefore the recommended configuration for clients is to use implicit SSL on port 993.
Let Guam also support implicit SSL for listeners configured either on port 993, or when configured so explicitly.