2 files changed, 33 insertions, 8 deletions

diff --git a/ext/net/02_tls.js b/ext/net/02_tls.js
index 9f8fb314c..df7923f4c 100644
--- a/ext/net/02_tls.js
+++ b/ext/net/02_tls.js
@@ -23,6 +23,16 @@
     return core.opAsync("op_start_tls", args);
   }
 
+  function opTlsHandshake(rid) {
+    return core.opAsync("op_tls_handshake", rid);
+  }
+
+  class TlsConn extends Conn {
+    handshake() {
+      return opTlsHandshake(this.rid);
+    }
+  }
+
   async function connectTls({
     port,
     hostname = "127.0.0.1",
@@ -41,13 +51,13 @@
       certChain,
       privateKey,
     });
-    return new Conn(res.rid, res.remoteAddr, res.localAddr);
+    return new TlsConn(res.rid, res.remoteAddr, res.localAddr);
   }
 
-  class TLSListener extends Listener {
+  class TlsListener extends Listener {
     async accept() {
       const res = await opAcceptTLS(this.rid);
-      return new Conn(res.rid, res.remoteAddr, res.localAddr);
+      return new TlsConn(res.rid, res.remoteAddr, res.localAddr);
     }
   }
 
@@ -67,7 +77,7 @@
       transport,
       alpnProtocols,
     });
-    return new TLSListener(res.rid, res.localAddr);
+    return new TlsListener(res.rid, res.localAddr);
   }
 
   async function startTls(
@@ -80,13 +90,14 @@
       certFile,
       caCerts,
     });
-    return new Conn(res.rid, res.remoteAddr, res.localAddr);
+    return new TlsConn(res.rid, res.remoteAddr, res.localAddr);
   }
 
   window.__bootstrap.tls = {
     startTls,
     listenTls,
     connectTls,
-    TLSListener,
+    TlsConn,
+    TlsListener,
   };
 })(this);
diff --git a/ext/net/lib.deno_net.d.ts b/ext/net/lib.deno_net.d.ts
index 45f1194fb..1b67fcf22 100644
--- a/ext/net/lib.deno_net.d.ts
+++ b/ext/net/lib.deno_net.d.ts
@@ -33,6 +33,13 @@ declare namespace Deno {
     [Symbol.asyncIterator](): AsyncIterableIterator<Conn>;
   }
 
+  /** Specialized listener that accepts TLS connections. */
+  export interface TlsListener extends Listener, AsyncIterable<TlsConn> {
+    /** Waits for a TLS client to connect and accepts the connection. */
+    accept(): Promise<TlsConn>;
+    [Symbol.asyncIterator](): AsyncIterableIterator<TlsConn>;
+  }
+
   export interface Conn extends Reader, Writer, Closer {
     /** The local address of the connection. */
     readonly localAddr: Addr;
@@ -45,6 +52,13 @@ declare namespace Deno {
     closeWrite(): Promise<void>;
   }
 
+  export interface TlsConn extends Conn {
+    /** Runs the client or server handshake protocol to completion if that has
+     * not happened yet. Calling this method is optional; the TLS handshake
+     * will be completed automatically as soon as data is sent or received. */
+    handshake(): Promise<void>;
+  }
+
   export interface ListenOptions {
     /** The port to listen on. */
     port: number;
@@ -90,7 +104,7 @@ declare namespace Deno {
    * ```
    *
    * Requires `allow-net` permission. */
-  export function listenTls(options: ListenTlsOptions): Listener;
+  export function listenTls(options: ListenTlsOptions): TlsListener;
 
   export interface ConnectOptions {
     /** The port to connect to. */
@@ -150,7 +164,7 @@ declare namespace Deno {
    *
    * Requires `allow-net` permission.
    */
-  export function connectTls(options: ConnectTlsOptions): Promise<Conn>;
+  export function connectTls(options: ConnectTlsOptions): Promise<TlsConn>;
 
   /** Shutdown socket send operations.
    *