I see that this is a very active forum ;) still, a question for posterity: older Instant Messaging servers (with iim.conf files) allowed to configure both XMPP plaintext and XMPPS "legacy SSL" (typically as 5222/tcp and 5223/tcp). Current Instant Messaging 9 server (with iim.xml file) does not accept my configuration attempts to add a separate listener. Is this by design?
The nearest I can get to providing both an "open" and a secured endpoints to the service is STARTTLS, or either stunnel or two "federated" installations of IM (open and legacy-SSL).
For some reasons which I'll dig into later, I failed to set up any of secure XMPP methods with IM 9, but the stunnel worked straightforwardly (compiles easily, SMF wrapper available at http://java.net/projects/solaris-userland/sources/gate/content/components/stunnel/files/stunnel.xml with minimal editing to customize - just configure and leave it to work).