diff --git a/categories.txt b/categories.txt
index a611f57736..46dc9dc865 100644
--- a/categories.txt
+++ b/categories.txt
@@ -20,6 +20,7 @@ connect() callback never called when invalid pfx provided:
 - ServerHandlers handshake() doesn't disconect for non-ECONNRESEET error? test-tls-hello-parser-failure.js
 - takes 18s in bun but 300ms in node: test-gc-tls-external-memory.js
 - client.on("session") never called?: test-tls-secure-session.js
+- SNICallback not supported: test-tls-starttls-server.js
 
 createSecurePair not implemented:
 These tests are removed in new node versions:
diff --git a/test/js/node/test/parallel/test-tls-starttls-server.js b/test/js/node/test/parallel/test-tls-starttls-server.js
new file mode 100644
index 0000000000..d9a1c02fc8
--- /dev/null
+++ b/test/js/node/test/parallel/test-tls-starttls-server.js
@@ -0,0 +1,48 @@
+'use strict';
+
+// Test asynchronous SNI+OCSP on TLSSocket created with `server` set to
+// `net.Server` instead of `tls.Server`
+
+const common = require('../common');
+
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+const assert = require('assert');
+const net = require('net');
+const tls = require('tls');
+const fixtures = require('../common/fixtures');
+
+const key = fixtures.readKey('agent1-key.pem');
+const cert = fixtures.readKey('agent1-cert.pem');
+
+const server = net.createServer(common.mustCall((s) => {
+  const tlsSocket = new tls.TLSSocket(s, {
+    isServer: true,
+    server: server,
+
+    secureContext: tls.createSecureContext({ key, cert }),
+
+    SNICallback: common.mustCall((hostname, callback) => {
+      assert.strictEqual(hostname, 'test.test');
+
+      callback(null, null);
+    })
+  });
+
+  tlsSocket.on('secure', common.mustCall(() => {
+    tlsSocket.end();
+    server.close();
+  }));
+})).listen(0, () => {
+  const opts = {
+    servername: 'test.test',
+    port: server.address().port,
+    rejectUnauthorized: false,
+    requestOCSP: true
+  };
+
+  tls.connect(opts, function() {
+    this.end();
+  });
+});