Exim
Egor Mikheev, 2015-11-21 05:24:40

How does a telnet connection work over the SSL protocol?

Hello, I have a theoretical question for solving an applied problem.
Recently the Exim MTA ships with GnuTLS instead of OpenSSL.
I would like to understand the principle of operation of network connections.
Example, port 25:
telnet otherhost 25
Connection over the SSL protocol:

openssl s_client -connect sub.example-one.org:465
...
 Start Time: 1448072426
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
220 mail.otherhost.com ESMTP Exim 4.84 Sat, 21 Nov 2015 05:20:26 +0300

Same SSL
gnutls-cli -p 443 sub.example-one.org
....
- Status: The certificate is NOT trusted. The certificate issuer is unknown. The name in the certificate does not match the expected. 
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
*** Handshake has failed
GnuTLS error: Error in the certificate.

I understand that many clients do not connect using the OpenSSL and GnuTLS commands, but how then does such a connection occur?
[email protected]:/var/log# telnet otherhost.com 465
Trying 5.39.81.129...
Connected to otherhost.com.
Escape character is '^]'.

There is nothing to see and it is not clear what to do next.
The problem is that OpenSSL and GnuTLS have different levels of default certificate trust, and what works with the former gives an error on the latter.
Accordingly, the problem can be solved in different ways (possibly):
1) How to generate (self-signed) certificates that GnuTLS will accept.
2) Is it possible to set the GnuTLS configuration to run with the --tofu (trust) parameter whenever it is called by the program?
3) How can I simulate an SSL/TLS request via Telnet without calling OpenSSL and GnuTLS?
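
Why the telnet session to port 465 in the question stays silent, as an added example that is not part of the original post: in TLS the client speaks first, so the server sends its SMTP banner only after a binary ClientHello and the handshake. The Python below builds a real ClientHello in memory (no network) and compares it with the plaintext banner quoted above; the function names are made up for this illustration.

```python
import ssl
import struct

# Banner copied from the openssl s_client output in the question.
SMTP_BANNER = b"220 mail.otherhost.com ESMTP Exim 4.84 Sat, 21 Nov 2015 05:20:26 +0300\r\n"

def first_client_flight(server_name):
    """Return the first bytes a TLS client would send, built offline via memory BIOs."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the ClientHello is queued and the client waits for the server
    return outgoing.read()

def describe_record(data):
    """Decode the 5-byte TLS record header plus the handshake message type."""
    content_type, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {
        "content_type": content_type,      # 22 = handshake
        "record_version": (major, minor),
        "length": length,
        "handshake_type": data[5] if content_type == 22 else None,  # 1 = ClientHello
    }

def classify_first_bytes(data):
    """Tell a TLS record apart from a plaintext SMTP greeting."""
    if len(data) >= 5 and data[0] in (20, 21, 22, 23) and data[1] == 3:
        return "tls-record"
    if data[:3].isdigit() and data[3:4] in (b" ", b"-"):
        return "smtp-banner"
    return "unknown"

if __name__ == "__main__":
    hello = first_client_flight("sub.example-one.org")
    print(classify_first_bytes(hello), describe_record(hello))
    print(classify_first_bytes(SMTP_BANNER))
    print("hostname visible in ClientHello:", b"sub.example-one.org" in hello)
```

The ClientHello is a length-prefixed binary structure that cannot be typed into telnet, which is why tools such as openssl s_client or gnutls-cli are needed to reach the banner on an implicit-TLS port.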


1 answer(s)
Egor Mikheev, 2015-12-26
@ogregor

Everything is much simpler: in the Exim configuration you just need to include the path to the certificate of the certifying server. For the absent-minded, there should be 3 lines on the topic of certificate configuration.
