I could/should report the same issue, and we have to fix it in the near future because other XMPP server vendors and administrators want to make TLS for S2S mandatory. (https://github.com/stpeter/manifesto/blob/master/manifesto.txt)
To #2: If the remote server uses a self-signed certificate or a CA which is not in our Java keychain, we need the callback. Maybe there are some other SSL issues in the software of the remote server, but I could notice the behavior with some community servers that use CAcert or self-signed certificates. What I want to say: We couldn't point the finger at other projects!
Most of my remote servers are ejabberd. The server is really popular, and this might be the reason why we could find some issue reports in their tracker too (all rejected, because they said it's an Openfire problem, which I would agree with at the moment).
But back to #4: I observed the same handshake behavior as you on my server, but I didn't see the mistake in the callback response. Could you give me a hint as to what you expect?
(Maybe I have to investigate the debug log again in an XML editor.)
I checked out the Openfire source code a week ago and looked into the SSL code. But it's quite hard to get into a new codebase and work on this kind of issue. So I planned a debugging session this week with a local OF installation talking to a remote ejabberd server.
Maybe we could work together on the issue here on the board?