TL;DR: Why does a client report HandshakeStatus.FINISHED twice? Can
production of NewSessionTicket be disabled?
A client (respectively server) becomes ready to encrypt application data
upon completing their side of handshaking: "Once a side has sent its
Finished message and has received and validated the Finished message from
its peer, it may begin to send and receive Application Data over the
connection" (RFC8446); a client completes handshaking upon wrapping a
FINISHED message and a server completes upon unwrapping such a message.
(There's an exception for 0-RTT data, and another for a server operating
with reduced security.)

Javadoc advises HandshakeStatus.FINISHED is reported when "a call to
SSLEngine.wrap() / unwrap() ... finishes a handshake." As expected,

* OpenJDK SSLEngine.wrap() reports HandshakeStatus.FINISHED on wrapping a
client's (TLS) FINISHED message.

By comparison, rather than report (server) handshake completion upon
unwrapping a client's (TLS) FINISHED message, HandshakeStatus.NEED_WRAP is
reported, a NewSessionTicket is produced on wrapping and

* OpenJDK SSLEngine.wrap() reports HandshakeStatus.FINISHED on wrapping a
server's (TLS) NewSessionTicket message.

Upon receipt of which,

* OpenJDK SSLEngine.unwrap() reports HandshakeStatus.FINISHED on unwrapping
a server's (TLS) NewSessionTicket message.

What does finishing a handshake mean in SSLEngine parlance? (I don't
understand why a client should report finishing twice.) Can production of
NewSessionTicket be disabled?
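As an added example (not code from the original post), the in-memory driver below runs an OpenJDK client SSLEngine and server SSLEngine against each other over TLS 1.3 and tallies every FINISHED report per side, so the double report described above can be reproduced and inspected. It assumes a PKCS12 keystore named `server.p12` with password `changeit` that holds a self-signed server certificate and its key; the file name and password are assumptions, and the same store doubles as the client's trust store.

```java
import javax.net.ssl.*;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import java.io.FileInputStream;
import java.nio.ByteBuffer;
import java.security.KeyStore;

public class HandshakeTrace {
    // Assumed: a PKCS12 store with a self-signed server cert + key; also used as trust store.
    static final String KEYSTORE = "server.p12";
    static final char[] PASSWORD = "changeit".toCharArray();
    static final ByteBuffer EMPTY = ByteBuffer.allocate(0);

    static SSLContext context() throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(KEYSTORE)) {
            ks.load(in, PASSWORD);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, PASSWORD);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLSv1.3");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Runs delegated tasks until the engine has none left (updates its handshake status). */
    static void runTasks(SSLEngine e) {
        Runnable task;
        while ((task = e.getDelegatedTask()) != null) {
            task.run();
        }
    }

    /** Logs one wrap/unwrap result and tallies FINISHED for side idx (0 = client, 1 = server). */
    static void note(int idx, String op, SSLEngineResult r, int[] finished) {
        System.out.printf("%-6s %-6s status=%-16s handshake=%s%n",
                idx == 0 ? "client" : "server", op, r.getStatus(), r.getHandshakeStatus());
        if (r.getHandshakeStatus() == HandshakeStatus.FINISHED) {
            finished[idx]++;
        }
    }

    /** Unwraps whatever the peer wrote, then wraps while the engine asks for it.
     *  Transport buffers stay in write mode between calls; returns true if any record moved. */
    static boolean pump(SSLEngine e, ByteBuffer in, ByteBuffer out, ByteBuffer appIn,
                        int idx, int[] finished) throws SSLException {
        boolean progress = false;
        in.flip();
        while (in.hasRemaining()) {
            SSLEngineResult r = e.unwrap(in, appIn);
            note(idx, "unwrap", r, finished);
            if (r.bytesConsumed() == 0) {
                break;  // partial record (BUFFER_UNDERFLOW) or no progress: leave it for later
            }
            progress = true;
            runTasks(e);
        }
        in.compact();
        runTasks(e);
        while (e.getHandshakeStatus() == HandshakeStatus.NEED_WRAP) {
            SSLEngineResult r = e.wrap(EMPTY, out);
            note(idx, "wrap", r, finished);
            progress = true;
            runTasks(e);
        }
        return progress;
    }

    /** Returns {clientFinishedCount, serverFinishedCount} after a full TLS 1.3 handshake. */
    static int[] countFinished() throws Exception {
        SSLContext ctx = context();
        SSLEngine client = ctx.createSSLEngine("localhost", 443);
        client.setUseClientMode(true);
        SSLEngine server = ctx.createSSLEngine();
        server.setUseClientMode(false);
        client.beginHandshake();
        server.beginHandshake();

        // Sized so a whole flight fits without BUFFER_OVERFLOW.
        int net = 4 * client.getSession().getPacketBufferSize();
        int app = client.getSession().getApplicationBufferSize();
        ByteBuffer clientToServer = ByteBuffer.allocate(net);
        ByteBuffer serverToClient = ByteBuffer.allocate(net);
        ByteBuffer clientApp = ByteBuffer.allocate(app);
        ByteBuffer serverApp = ByteBuffer.allocate(app);

        int[] finished = new int[2];
        boolean progress = true;
        // Keyed on buffered transport data, not only on handshake status: the client is
        // already NOT_HANDSHAKING when the NewSessionTicket arrives, so a status-only loop
        // would never deliver the ticket and would miss the second FINISHED report.
        for (int round = 0; progress && round < 50; round++) {
            progress = pump(client, serverToClient, clientToServer, clientApp, 0, finished);
            progress |= pump(server, clientToServer, serverToClient, serverApp, 1, finished);
        }
        return finished;
    }

    public static void main(String[] args) throws Exception {
        int[] f = countFinished();
        System.out.printf("FINISHED reported: client=%d server=%d%n", f[0], f[1]);
    }
}
```

Run it with `java HandshakeTrace.java` on JDK 11 or later. The trace prints each wrap/unwrap result next to the HandshakeStatus it carries, and the last line gives the per-side FINISHED counts, so whether the client reports twice (once on wrapping its Finished, once on unwrapping the NewSessionTicket) can be read directly off the output rather than inferred.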
