In the class SSLSocketImpl, the setting of the flag inHandshake and its checking are not synchronized which may cause race conditions between threads that can mess up the state machine of the SSLSocket.

Also, currently setUseClientMode is the only method that checks the value of this flag. It might also be necessary to check this flag (in a synchronized fashion) in other methods such as setEnableSessionCreation, setNeedClientAuth, and setEnabledCipherSuites.