In protocol.c, function smtp_server(), a test for plain SSL or STARTTLS usage (RFC 2487) is based on the availability of data from the client (c->local_rfd.fd). This works well in fast LANs but often fails for WAN connections through slow V90 modems. Especially with new Mozilla-based clients (also KMail and Evolution, as reported by other users) under Windows XP SP2, the test for data fails almost always, incorrectly resulting in an RFC 2487 handshake with the error "Unknown client EHLO". This depends to some extent on the client: Outlook Express mostly works, Mozilla 1.7.x often worked after an initial failure, SeaMonkey 1.x always fails.
This seems to be a timing problem. I tried inserting a "usleep(50000);" before the switch(s_poll_wait(...)), which made SSL work with SeaMonkey (but often not for the first mail-sending attempt). Unfortunately, in Solaris 7 (where I tested stunnel), usleep is not yet thread-safe; maybe nanosleep(...,...) is preferable. Instead of waiting, a better method would be to have a finer timeout resolution than 1 sec in s_poll_wait(...,...); setting the timeout to 1 (sec) would be too embarrassing for TLS connections. But this would require major changes in the sources.
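Added example, not part of the original report and not stunnel's code: a sketch of the "did the client speak first?" test with a millisecond detection window via poll(2), plus a constructed slow-client simulation that reproduces the misclassification. The names classify_client and simulate, the mode constants, and all delay and timeout values are assumptions made for illustration.

```c
#include <errno.h>
#include <poll.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

enum smtp_mode { MODE_ERROR = -1, MODE_STARTTLS = 0, MODE_IMPLICIT_TLS = 1 };

/* Hypothetical helper, not stunnel's s_poll_wait(): wait up to timeout_ms for
 * the client to speak first. Data before the deadline means it opened with a
 * TLS handshake; silence means it is waiting for the SMTP banner (RFC 2487). */
static enum smtp_mode classify_client(int fd, int timeout_ms) {
    struct pollfd p = { .fd = fd, .events = POLLIN };
    int rc;
    do {
        rc = poll(&p, 1, timeout_ms);      /* millisecond resolution */
    } while (rc < 0 && errno == EINTR);    /* a signal is not a timeout */
    if (rc < 0) return MODE_ERROR;
    return rc > 0 ? MODE_IMPLICIT_TLS : MODE_STARTTLS;
}

/* Constructed scenario on a socketpair: a forked "client" sends one byte
 * (0x16, the TLS handshake record type) after delay_ms; delay_ms < 0 means
 * it stays silent, as a STARTTLS client does. */
static enum smtp_mode simulate(int delay_ms, int timeout_ms) {
    int sv[2];
    pid_t pid = -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return MODE_ERROR;
    if (delay_ms >= 0 && (pid = fork()) == 0) {   /* child plays the client */
        struct timespec ts = { delay_ms / 1000, (delay_ms % 1000) * 1000000L };
        unsigned char hello = 0x16;
        nanosleep(&ts, NULL);                     /* slow-link latency */
        _exit(write(sv[1], &hello, 1) == 1 ? 0 : 1);
    }
    /* Parent keeps sv[1] open so the child's exit does not look like data. */
    enum smtp_mode m = classify_client(sv[0], timeout_ms);
    if (pid > 0) waitpid(pid, NULL, 0);
    close(sv[0]); close(sv[1]);
    return m;
}

int main(void) {
    /* A hello 400 ms late against a 50 ms window is taken for STARTTLS. */
    return simulate(0, 500) == MODE_IMPLICIT_TLS &&
           simulate(400, 50) == MODE_STARTTLS &&
           simulate(400, 1000) == MODE_IMPLICIT_TLS ? 0 : 1;
}
```

A longer window fixes the slow SSL client but delays the banner for every STARTTLS client by the same amount, which is the trade-off behind the timeout-resolution point above.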