`STARTTLS` is, technically speaking, a capability that can be spoofed (for clients or users that trust otherwise invalid certificates), and therefore the recommended configuration for clients is to use implicit SSL on port 993.
Let #guam also support implicit SSL for listeners configured either on port 993, or when configured so explicitly.