I don't know answer on your question. Most probably this is not possible.
Something on topic (which maybe could help) :
1) you can set want-client-auth=true on Elytron ssl-context which does not stop communication in case if you do not provide certificate (compared to need-client-auth=true)
2) I have never tried that, but noticed currently you can configure multiple servers in undertow subsystem that should enable you to have different Elytron ssl contexts on different https-listeners (different ports)