TLS requires both end points to have received and processed their peer`s Change Cipher Spec and Finished messages before starting to transfer their bulk encrypted data. It needs the Finished message to validate its peer`s identify. To save one round-trip time, an endpoint after having sent its Finished message could start sending its encrypted data using that cipher specification.
wolfSSL currently does not directly support TLS False Start, but it is tolerant of a peer sending its data immediately after sending its Finished message. It just will not send encrypted data to its peer until it has completed its handshake.
Do you need wolfSSL to handle TLS False Start? Contact us at facts@wolfssl.com.