The statement in RFC 2246 is certainly applicable to special SSL ports. For example: [...] application protocols which are secured by TLS 1.0, SSL 3.0, and SSL 2.0 all frequently share the same connection port: for example, the https protocol (HTTP secured by SSL or TLS) uses port 443 regardless of which security protocol it is using. talks about the https port. The IMAP equivalent for this is the imaps port (port 993).
STARTTLS, on the other hand, is done on the imap port (port 143) which is NOT "the same connection port" referred to above. RFC 2246 does not claim applicability to STARTTLS functionality in IMAP, POP3, SMTP, etc. There are also abundant reasons *NOT* to use the SSLv23 server method in STARTTLS; the decision was not made capriciously. Nor was it made by me alone; our representative in the IETF security groups was adamant about not doing SSL over STARTTLS. Let me put it another way: what benefit do you feel is gained by changing STARTTLS to use the SSLv23 server method? STARTTLS is in extensive production use today, so clients are using the correct TLSv1 method.
