I think I've just found the reason why we can not migrate in OpenSSL by default :(In server scenario we obtain SSLContext (the one from JDK; Netty has similar SslContext) from WildFly. It is already configured along with sercurity realms, domains etc. We then get into this branch of code [1].In order to do fancy things like SNI we need to remap JDK's SSLContext into Netty's SslContext and the only implementation that can consume SSLContext we have at hand is JdkSslContext.I honestly have no idea how we could refactor this... And that's a shame because OpenSSL is way faster...