S2S: Allow for StartTLS on DirectTLS port

When DNS SRV records are misconfigured, connections that are expected to receive DirectTLS data could receive non-encrypted data (optionally to be encrypted with StartTLS later).

Openfire should be lenient, and allow StartTLS on the DirectTLS port.