I finally found a solution for this requirement by working on a different subject. Actually, this behaviour is already implemented in Java, at least from 23.x on. For lower versions I don't know. However, to get it working, you need to populate SNIMatchers in SSLParameters class. SNIMatchers are used in ServerNameExtension to reflect the above behaviour. Since Tomcat does not populate SNIMatchers itself (which IMHO is a bug), you need to do it on your own.

Please see this thread for further details, which addresses the issue: How to set SNIMatcher when using Spring Boot, correctly?