One problem with this code is that the caller must clean the buffer
before connection attempts, as messages matching tls-refused or
tls-unresolvable may stay there between connections.  I doubt
open-network-stream requires that.

If you don't think tls.el should have a patch like this, then the
comment claiming "Usage is the same as `open-network-stream'" should
be revised.

Thanks for looking at this again

  Carl Henrik