In TLS 1.2, the client could not receive NewSessionTicket because it did not advertise the session_ticket extension (RFC 5077). The only post-handshake message it could receive from the server is a HelloRequest message.
In TLS 1.3, the NST message is part of the protocol and does not need an extension. This means that the code must be prepared to accept other post-handshake Handshake messages. In particular:
NewSessionTicket
KeyUpdate
CertificateRequest (only if client advertises post_handshake_auth).
Currently it sends a no_renegotiation alert while it should probably be sending an unexpected_message alert (or handle the message).
In TLS 1.2, the client could not receive NewSessionTicket because it did not advertise the session_ticket extension (RFC 5077). The only post-handshake message it could receive from the server is a HelloRequest message.
In TLS 1.3, the NST message is part of the protocol and does not need an extension. This means that the code must be prepared to accept other post-handshake Handshake messages. In particular:
post_handshake_auth).Currently it sends a no_renegotiation alert while it should probably be sending an unexpected_message alert (or handle the message).
Related: https://github.com/golang/go/issues/19199