What is the security impact on first request while using https for Java client?

In web applications, the first request is a URL like https://xyz.abc.com/myapp/login. This request itself will ensure that the HTTPS connection is ready. We then send the credentials over HTTPS using POST and we can be sure that the request will not be intercepted, as HTTPS is already connected.

In the case of a Java client connecting to a web service, I can directly make the very first request as a POST request along with user credentials to an HTTPS URL like https://xyz.abc.com/myservice/loginservice.

Will the POST body of this first HTTPS request be confidential? Will the HTTPS handshake be completed before the request body is sent? If this is not the case, then should we use a dummy HTTPS request to first establish the connection and then make a second request with the credentials?

This is related to my other question here: Securing REST Web Service using token (Java)

Teddy

1 Answer

Yes, the SSL handshake will take place before the encrypted POST request is sent.

If the SSL handshake fails for any reason, the remainder of the request will be aborted, ensuring the credentials are only sent over a secure connection.

SilverlightFox
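The ordering described in the answer can be observed offline with the JDK's `SSLEngine`, which drives the TLS state machine without a network connection: hand it the whole POST before any handshake and inspect what it emits. This is an added example, not code from the question or the answer; the class name is hypothetical and the credentials are constructed sample values.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

public class HandshakeBeforeData {
    public static void main(String[] args) throws Exception {
        // Constructed sample request; user name and password are placeholders.
        String secret = "s3cr3t-pw";
        byte[] post = ("POST /myservice/loginservice HTTP/1.1\r\n"
                + "Host: xyz.abc.com\r\n"
                + "Content-Type: application/x-www-form-urlencoded\r\n"
                + "Content-Length: 29\r\n\r\n"
                + "user=alice&password=" + secret).getBytes(StandardCharsets.US_ASCII);

        // Client-side engine with the default trust store; no socket is opened.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine("xyz.abc.com", 443);
        engine.setUseClientMode(true);

        ByteBuffer plaintext = ByteBuffer.wrap(post);
        ByteBuffer wire = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());

        // Offer the complete POST as application data before any handshake.
        // wrap() starts the handshake implicitly and writes only handshake
        // records to 'wire'; application data stays in 'plaintext' until the
        // handshake has finished.
        SSLEngineResult result = engine.wrap(plaintext, wire);

        wire.flip();
        byte[] sent = new byte[wire.remaining()];
        wire.get(sent);
        String sentText = new String(sent, StandardCharsets.ISO_8859_1);

        System.out.println("plaintext bytes consumed : " + result.bytesConsumed());
        System.out.println("plaintext bytes pending  : " + plaintext.remaining());
        System.out.println("bytes produced for wire  : " + result.bytesProduced());
        // TLS record content types: 22 = handshake, 23 = application data.
        System.out.println("first record content type: " + (sent[0] & 0xff));
        System.out.println("next handshake step      : " + result.getHandshakeStatus());
        System.out.println("password present on wire : " + sentText.contains(secret));
    }
}
```

`HttpsURLConnection` and `SSLSocket` sit on top of the same state machine, so a failed handshake surfaces as an `SSLHandshakeException` before any of the request body has been written.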