Switching to OpenSSL 3.0 would remove the license issue (as 3.0 is Apache licensed), but it is still alpha and in experimental only.
https://packages.debian.org/source/experimental/openssl I've suggested upstream they would support system WolfSSL but it hasn't been a priority so far and I am not sure how much work it would require. https://jira.mariadb.org/browse/MDEV-21835
