- Bug
- Resolution: Fixed
- P1
- 11
- b20
- b28

Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8210176 | 12 | Bradford Wetmore | P1 | Resolved | Fixed | b09 |
JDK-8210085 | 11.0.2 | Bradford Wetmore | P1 | Resolved | Fixed | b01 |
JDK-8210077 | 11.0.1 | Bradford Wetmore | P1 | Resolved | Fixed | b08 |
JDK-8256872 | openjdk8u272 | Martin Balao Alonso | P1 | Closed | Fixed | b06 |
JDK-8243726 | 8u261 | Prasadarao Koppula | P1 | Closed | Fixed | b05 |
JDK-8247060 | emb-8u261 | Prasadarao Koppula | P1 | Resolved | Fixed | team |

Specifically, the behavior change is when the *SSLHandshakeException* is thrown:

- For TLSv1.2 (with JDKb15), it is thrown immediately when the server encounters the fatal error and *tries to send the fatal error to the peer*.
- For TLSv1.3 or TLSv1.2 (JDKb20), it is thrown after the server *successfully* sends the fatal error and *fails when the client receives the fatal error*.

For TLSv1.2, in pre-JDKb20 (tested with JDKb15):

1. Client wraps 264 bytes and goes to NEED_UNWRAP
2. Server unwraps 264 bytes and goes to NEED_TASK
3. Server runs delegated tasks and fails with fatal error: no_application_protocol (from logs), but the Java API does not throw any error yet, and status changes to NEED_WRAP
4. Server tries to wrap and the “wrap” call throws SSLHandshakeException: No matching ALPN values

For TLS 1.3/TLSv1.2 (JDKb20):

1. Client wraps 437 bytes and goes to NEED_UNWRAP
2. Server unwraps 437 bytes and goes to NEED_TASK
3. Server runs delegated tasks and fails with Fatal (NO_APPLICATION_PROTOCOL) (from logs), but the Java API does not throw any error yet, and status changes to NEED_WRAP
4. Server wraps 7 bytes and goes to NOT_HANDSHAKING (overall status to CLOSED) and DOES NOT throw SSLHandshakeException - THIS IS THE CHANGE IN BEHAVIOR FROM TLSv1.2
5. Client tries to unwrap 7 bytes and “unwrap” call throws SSLHandshakeException: Received fatal alert: no_application_protocol
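
The two sequences above can be replayed in memory to see which call throws on a given JDK build. This is an added example, not code from the bug report; the class name `AlpnFailureProbe`, the ALPN values and the buffer sizes are constructed, and it assumes the JVM is started with `-Djavax.net.ssl.keyStore` and `-Djavax.net.ssl.keyStorePassword` so the server engine has a key.

```java
import javax.net.ssl.*;
import java.nio.ByteBuffer;

// Added example (hypothetical class name), not the reporter's test case.
// Assumption: a keystore is supplied through the javax.net.ssl.keyStore properties.
public class AlpnFailureProbe {
    interface Op { SSLEngineResult run() throws SSLException; }

    // Run one wrap/unwrap call and report whether it returned or threw.
    static void step(String name, Op op) {
        try {
            SSLEngineResult r = op.run();
            System.out.println(name + ": " + r.getStatus() + "/" + r.getHandshakeStatus()
                    + ", consumed " + r.bytesConsumed() + ", produced " + r.bytesProduced());
        } catch (SSLException e) {
            System.out.println(name + " THREW " + e);
        }
    }

    static SSLEngine engine(SSLContext ctx, boolean clientMode, String protocol) {
        SSLEngine e = ctx.createSSLEngine();
        e.setUseClientMode(clientMode);
        SSLParameters p = e.getSSLParameters();
        p.setApplicationProtocols(new String[] { protocol }); // single ALPN value
        e.setSSLParameters(p);
        return e;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        SSLEngine client = engine(ctx, true, "h2");        // constructed ALPN values,
        SSLEngine server = engine(ctx, false, "http/1.1"); // chosen so that none match
        ByteBuffer empty = ByteBuffer.allocate(0);
        ByteBuffer c2s = ByteBuffer.allocate(1 << 15), s2c = ByteBuffer.allocate(1 << 15);
        ByteBuffer app = ByteBuffer.allocate(1 << 15);

        step("1 client wrap", () -> client.wrap(empty, c2s));
        c2s.flip();
        step("2 server unwrap", () -> server.unwrap(c2s, app));
        Runnable task;                                     // step 3: delegated tasks
        while ((task = server.getDelegatedTask()) != null) task.run();
        System.out.println("3 after tasks: " + server.getHandshakeStatus());
        step("4 server wrap", () -> server.wrap(empty, s2c)); // fail-fast throws here
        s2c.flip();
        if (s2c.hasRemaining())                             // fail-lazy: alert reached the wire
            step("5 client unwrap", () -> client.unwrap(s2c, app));
        System.out.println("server outbound done: " + server.isOutboundDone());
    }
}
```

A handshake driver that only catches exceptions from `wrap` will miss the failure in the second sequence; it should also treat a `CLOSED` status returned before the handshake finishes as a failed negotiation.
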
- backported by
  - JDK-8210077 SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy (Resolved)
  - JDK-8210085 SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy (Resolved)
  - JDK-8210176 SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy (Resolved)
  - JDK-8247060 SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy (Resolved)
  - JDK-8243726 SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy (Closed)
  - JDK-8256872 SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy (Closed)