On Tue, 24 May 2022 at 17:20, Ben Smyth wrote: > Javadoc advises HandshakeStatus.FINISHED is reported when "a call to > SSLEngine.wrap() / unwrap() ... finishes a handshake." As expected, > > * OpenJDK SSLEngine.wrap() reports HandshakeStatus.FINISHED on wrapping a > client's (TLS) FINISHED message. > > By comparison, rather than report (server) handshake completion upon > unwrapping a client's (TLS) FINISHED message, >
Actually, (server) handshake completion *is* reported upon unwrapping a client's FINISHED message, *but* only when the client's ClientHello message omits extension psk_key_exchange_modes. > Can production of NewSessionTicket be disabled? > Omitting extension psk_key_exchange_modes suppresses NewSessionTicket production, but it doesn't seem possible to disable extension psk_key_exchange_modes for OpenJDK ClientHello messages.
