There does not seem to be a public API for replacing the transport of the StreamReader / StreamWriter provided to the callback of a call to asyncio.start_server().
The only way I have found to use the new SSL transport is to update protected members of the StreamReaderProtocol object, e.g.:
async def callback(reader, writer):
loop = asyncio.get_event_loop()
transport = writer.transport
protocol = transport.get_protocol()
new_transport = await loop.start_tls(
transport, protocol, ssl_context, server_side=True)
protocol._stream_reader = StreamReader(loop=loop)
protocol._client_connected_cb = do_stuff_after_start_tls
protocol.connection_made(new_transport)
async def do_stuff_after_start_tls(ssl_reader, ssl_writer): ...