--- a/src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java	Wed Jul 17 13:41:12 2019 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java	Wed Jul 17 14:37:50 2019 -0700
@@ -344,6 +344,12 @@
             hsStatus = tryKeyUpdate(hsStatus);
         }
 
+        // Check if NewSessionTicket PostHandshake message needs to be sent
+        if (conContext.conSession.updateNST &&
+                !conContext.sslConfig.isClientMode) {
+            hsStatus = tryNewSessionTicket(hsStatus);
+        }
+
         // update context status
         ciphertext.handshakeStatus = hsStatus;
 
@@ -397,6 +403,29 @@
         return currentHandshakeStatus;
     }
 
+    // Try to generate a PostHandshake NewSessionTicket message.  This is
+    // TLS 1.3 only.
+    private HandshakeStatus tryNewSessionTicket(
+            HandshakeStatus currentHandshakeStatus) throws IOException {
+        // Don't bother to kickstart if handshaking is in progress, or if the
+        // connection is not duplex-open.
+        if ((conContext.handshakeContext == null) &&
+                conContext.protocolVersion.useTLS13PlusSpec() &&
+                !conContext.isOutboundClosed() &&
+                !conContext.isInboundClosed() &&
+                !conContext.isBroken) {
+            if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
+                SSLLogger.finest("trigger NST");
+            }
+            conContext.conSession.updateNST = false;
+            NewSessionTicket.kickstartProducer.produce(
+                    new PostHandshakeContext(conContext));
+            return conContext.getHandshakeStatus();
+        }
+
+        return currentHandshakeStatus;
+    }
+
     private static void checkParams(
             ByteBuffer[] srcs, int srcsOffset, int srcsLength,
             ByteBuffer[] dsts, int dstsOffset, int dstsLength) {