Port 587 (submission) is not used for direct TLS connection, but you need to do a plain connect, read SMTP welcome, send EHLO and read response and then issue a STARTTLS command and read response. Only then (and only after successful response to STARTTLS) you can upgrade the existing socket to TLS. With the Perl tool swaks you can see the dialog:
=== Trying smtp.mail.yahoo.com:587...
=== Connected to smtp.mail.yahoo.com.
<- 220 smtp.mail.yahoo.com ESMTP ready
-> EHLO my.hostname
<- 250-smtp.mail.yahoo.com
<- 250-PIPELINING
<- 250-SIZE 41697280
<- 250-8 BITMIME
<- 250 STARTTLS
-> STARTTLS
<- 220 2.0.0 Start TLS
=== TLS started with cipher TLSv1:RC4-SHA:128
=== TLS no local certificate set
=== TLS peer DN="/C=US/ST=CA/L=Sunnyvale/O=Yahoo! Inc./OU=Yahoo Mail/CN=smtp.mail.yahoo.com"
If you want to do a direct SSL connect you have to use port 465 (smtps).