Blocking Tasks

During handshaking, the SSLEngine might encounter tasks that might block or take a long time. For example, a TrustManager may need to connect to a remote certificate validation service, or a KeyManager might need to prompt a user to determine which certificate to use as part of client authentication. To preserve the non-blocking nature of SSLEngine, when the engine encounters such a task, it will return SSLEngineResult.HandshakeStatus.NEED_TASK. Upon receiving this status, the application should invoke SSLEngine.getDelegatedTask() to get the task, and then, using the threading model appropriate for its requirements, process the task. The application might, for example, obtain thread(s) from a thread pool to process the task(s), which the main thread goes about handling other I/O.

Here is an example that executes each task in a newly created thread.
if (res.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_TASK) {
 Runnable task;
 while ((task=engine.getDelegatedTask()) != null) {
  new Thread(task).start();
 }
} 

The engine will block future wrap/unwrap calls until all of the outstanding tasks are completed.