Just an interesting observation I had about this once when I noticed that kernel quic implementations weren't very fast.
KTLS is mostly useful if paired with sendfile (I'm ignoring io_uring because I'm not as up to date on that). Otherwise you have to context switch back to userspace constantly.
Assuming the files are encrypted anyway for DRM reasons: why should static content like movies be TLSed? I know I know, "TLS all the things", but it sounds like a high cost at Netflix scale.
I refused to connect my TV to the internet and use a Vero V for all of my watching needs. The Vero V is absolutely worse than most other experiences, but I'm happy.
It seems like it took engineering work, but TLS isn't their bottleneck when the data flow is structured correctly for the hardware (which is kind of the thesis of a lot of the Netflix CDN node optimization stuff).