I'm trying to tunnel tls via a text-only communication channel (I thought about using base64) but I cannot seem to find a tls server example that doesn't use SSLSocket.
For a tls client I was able to find the bouncy castle TlsProtocolHandler which is transport agnostic because it just uses an input and output stream, but I couldn't find anything similar for a server tls implementation.
Using SSLSocket:
You can certainly implement your own Socket that is not based on TCP. For example there are Unix socket implementations. Once you have it for your own transport, SSLSocketFactory.createSocket(Socket, ...) can establish an SSLSocket on top of your own Socket.
Using SSLEngine (a bit more complex):
SSLEngine.wrap (and unwrap) work on ByteBuffers. These buffers could come from your own communication channel.
One of the difficulties you may encounter is the mapping of the notion of certificates to your custom transport. Certificates (or more generally proving the identity of the server) is essential to the security of an SSL/TLS channel, to prevent MITM attacks. Identity verification requires both checking the certificate as trusted, and that the identity it's for corresponds to the entity you were trying to reach (hostname verification). Hostname verification isn't enabled by default, but you'd need to find something similar anyway, if you don't have host names (that could be a problem for unix sockets, for example, although using SSL in this case might not make sense anyway).
