--- old/src/java.base/share/classes/sun/security/ssl/Finished.java 2018-07-10 13:46:08.794516592 +0100
+++ new/src/java.base/share/classes/sun/security/ssl/Finished.java 2018-07-10 13:46:08.318516592 +0100
@@ -32,14 +32,21 @@
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.ProviderException;
+import java.security.cert.X509Certificate;
 import java.security.spec.AlgorithmParameterSpec;
 import java.text.MessageFormat;
 import java.util.Locale;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
 import javax.crypto.KeyGenerator;
 import javax.crypto.Mac;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
+import javax.net.ssl.SSLPeerUnverifiedException;
+
+import jdk.internal.event.EventHelper;
+import jdk.internal.event.TLSHandshakeEvent;
 import sun.security.internal.spec.TlsPrfParameterSpec;
 import sun.security.ssl.CipherSuite.HashAlg;
 import static sun.security.ssl.CipherSuite.HashAlg.H_NONE;
@@ -548,6 +555,7 @@
 // handshake context cleanup.
 chc.handshakeFinished = true;
+ recordEvent(chc.conContext.conSession);
 // May need to retransmit the last flight for DTLS.
 if (!chc.sslContext.isDTLS()) {
@@ -597,6 +605,7 @@
 // handshake context cleanup.
 shc.handshakeFinished = true;
+ recordEvent(shc.conContext.conSession);
 // May need to retransmit the last flight for DTLS.
 if (!shc.sslContext.isDTLS()) {
@@ -730,6 +739,8 @@
 // handshake context cleanup.
 chc.handshakeFinished = true;
 chc.conContext.finishHandshake();
+ recordEvent(chc.conContext.conSession);
+
 // The handshake message has been delivered.
 return null;
@@ -1063,6 +1074,7 @@
 if (!shc.sslContext.isDTLS()) {
 shc.conContext.finishHandshake();
 }
+ recordEvent(shc.conContext.conSession);
 //
 // produce
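Review bot: The new `recordEvent(...)` call sits at a different point relative to `conContext.finishHandshake()` across the four call sites: in the hunks at old lines 548 and 597 it runs before the DTLS-guarded `finishHandshake()`, while in the hunks at 730 and 1063 it runs after it. All four pass `conContext.conSession`, so if `finishHandshake()` touches that field (the hunks do not show its body) the earlier two sites would record a session in a different state than the later two; if it does not, a one-line comment at the first site, `// Event is recorded once the session is final; finishHandshake() only tears down the handshake context.`, would save the next reader the same question. Note also that in the 548/597 hunks the event fires before the DTLS retransmission path, so a DTLS retransmit presumably cannot double-record, which is worth stating in that comment. Every enclosing method here starts and ends outside its hunk.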
@@ -1074,4 +1086,24 @@
 }
 }
+
+ private static void recordEvent(SSLSessionImpl session) {
+ TLSHandshakeEvent event = new TLSHandshakeEvent();
+ if (event.isEnabled() || EventHelper.isLoggingSecurity()) {
+ String certIDs = "";
+ try {
+ certIDs = Stream.of(session.getPeerCertificates())
+ .filter(c -> c instanceof X509Certificate)
+ .map(c -> (X509Certificate) c)
+ .map(c -> c.getSerialNumber().toString(16))
+ .collect(Collectors.joining(", "));
+ } catch (SSLPeerUnverifiedException e) {
+ certIDs = e.getMessage(); // not verified msg
+}
+
+ EventHelper.commitTLSHandshakeEvent(event, null,
+ session.getPeerHost(), session.getPeerPort(),
+ session.getCipherSuite(), session.getProtocol(), certIDs);
+ }
+ }
 }
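Review bot: The `catch (SSLPeerUnverifiedException e)` branch stores the exception text in `certIDs`, so the same event field carries either a list of hex serial numbers or free-form error prose, and becomes null if the exception was built without a message; anything parsing that field downstream cannot tell the cases apart. Since the earlier hunks also call this with `shc.conContext.conSession`, which looks like the server-side context, a server that does not request client authentication would presumably take this path on every handshake, making it the common case rather than an error. A fixed marker such as `certIDs = "<peer not authenticated>"; // expected when no client auth was requested` keeps the field machine-readable; if the exception message is wanted, it belongs in a separate field. Two smaller points: serial numbers are only unique per issuer, so consumers correlating with a specific certificate need the issuer or a fingerprint as well, and the `}` closing the catch appears to sit at column 0. The method also has no Javadoc; a short one should state that it emits the JFR `TLSHandshakeEvent` and/or the security log entry for a completed handshake and that `certIDs` is the comma-joined hex serials of the peer's X.509 chain.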