I've just took a look at re-handshaking in TLS and it looks like a total mess. You need to pause all the transport flow and handle tons of corner cases. In Go they refused to add re-handshaking support for not to over-complicate the state machine but still had to because Azure needed it.