Security policies "TLS on special port"

I wonder if there is an FAQ is was missing… what exactly is the difference between

  1. “Use SSL/TLS on special port (legacy)”
  2. and the other policies: force TLS/use TLS if available
    I imagine that the “Force usage of SSL/TLS” (2) actually is STARTTLS and (1) is the pre-STARTTLS policy using submission ports… am I correctly guessing?

it’s exactly as you said, Force usage first opens an unsecure connection and then uses STARTTLS to switch to the secure connection, and if server doesn’t support SSL/TLS it won’t connect to the secured connection. Legacy opens the secure connection immediately using different ports, where SSL/TLS is enabled from the start.

Hope this helps,