This topic has not yet been written. The content below is from the topic description.
2.4.2. SSL / TLS Support Unlike old blocking I/O, it is a non-trivial task to support SSL in NIO. You can't simply wrap a stream to encrypt or decrypt data but you have to use javax.net.ssl.SSLEngine. SSLEngine is a state machine which is as complex as SSL is. You have to manage all possible states such as cipher suite and encryption key negotiation (or re-negotiation), certificate exchange and validation. Moreover, SSLEngine is not even completely thread-safe unlike usual expectation. In Netty, SslHandler takes care of all the gory details and pitfalls of SSLEngine.