Post-Handshake Messages
The client and server can send other messages after the handshake: new session ticket message, post-handshake authentication, and key update.
New Session Ticket Message
The NewSessionTicket message, sent by the server after it receives the Finished message, contains a pre-shared key that the client then may use for future handshakes. See Session resumption with a pre-shared key.
Post-Handshake Authentication
If client sent the post_handshake_auth extension, the server may request client authentication at any time after the handshake by sending a CertificateRequest message. If the client authenticates, then it must send Certificate, CertificateVerify, and Finished messages. If the client declines, then it must send a Certificate message that contains no certificates and the Finished message.
KeyUpdate Message
The KeyUpdate handshake message is used to indicate that the sender is updating its sending cryptographic keys. It replaces the ChangeCipherSpec message in TLS 1.2.
You can specify a limit on the amount of data an algorithm may encrypt with a specific set of
keys with the jdk.tls.keyLimits
Security Property. See Limiting the amount of data that algorithms can encrypt with a set of keys.