Find a better way to decide when to switch from handshake-packet to 1RTT packet

[ddragana]

On the client side: nss writes tls finish message to stream 0 and after that sets the connection state to CONNECTED. The last handshake messages will be encrypted after the connection has changed to the CONNECTED state.

On the server side (if session tickets are used): after receiving the client finish message, server will write the session ticket tls record to the stream 0 and after that switch to the connected state. When the session ticket message is encrypted server is already in the connected state and it will encrypt the session ticket message with 1RTT keys.

The constellation seems good for the server side, but odd for the client side, because it should use handshake message although the connection is the CONNECTED state.

it would be good to be able to marked data correctly (handshake or 1RTT packet data) at the time they are written to stream 0 without inspecting tls records.
it is working currently but can be improved (except for a tls alert from a client after connection has been established).