* and the implementation should respond with a new request that sets the "Authorization" header.
 *
 * ```java
 * if (response.request().header("Authorization") != null) {
 *   return null; // Give up, we've already failed to authenticate.
 * }
 *
 * String credential = Credentials.basic(...)
 * return response.request().newBuilder()
 *     .header("Authorization", credential)
 *     .build();
 * ```
 *

          override fun authenticate(
            route: Route?,
            response: Response,
          ): Request? {
            if (response.request.header("Authorization") != null) {
              return null // Give up, we've already attempted to authenticate.
            }

            println("Authenticating for response: $response")
            println("Challenges: ${response.challenges()}")

          if (labels[currentLabelIndex].size == currentLabelByteIndex) {
            // We've exhausted our current label. Either there are more labels to compare, in which
            // case we expect a dot as the next character. Otherwise, we've checked all our labels.
            if (currentLabelIndex == labels.size - 1) {
              break
            } else {

    val bufferB = Buffer()
    bufferA.writeUtf8("Dodgson!\n")
    operatorA.write(0, bufferA, 9)
    bufferB.writeUtf8("You shouldn't use my name.\n")
    operatorB.write(9, bufferB, 27)
    bufferA.writeUtf8("Dodgson, we've got Dodgson here!\n")
    operatorA.write(36, bufferA, 33)
    operatorB.read(0, bufferB, 9)
    assertThat(bufferB.readUtf8()).isEqualTo("Dodgson!\n")
    operatorA.read(9, bufferA, 27)

  public Authenticate() {
    client = new OkHttpClient.Builder()
        .authenticator((route, response) -> {
          if (response.request().header("Authorization") != null) {
            return null; // Give up, we've already attempted to authenticate.
          }

          System.out.println("Authenticating for response: " + response);
          System.out.println("Challenges: " + response.challenges());

    while (hasNextProxy()) {
      // Postponed routes are always tried last. For example, if we have 2 proxies and all the
      // routes for proxy1 should be postponed, we'll move to proxy2. Only after we've exhausted
      // all the good routes will we attempt the postponed routes.
      val proxy = nextProxy()
      for (inetSocketAddress in inetSocketAddresses) {
        val route = Route(address, proxy, inetSocketAddress)

import java.util.concurrent.atomic.AtomicBoolean
import okio.ByteString
import okio.Source
import okio.buffer

internal abstract class BasePublicSuffixList : PublicSuffixList {
  /** True after we've attempted to read the list for the first time. */
  private val listRead = AtomicBoolean(false)

  /** Used for concurrent threads reading the list for the first time. */
  private val readCompleteLatch = CountDownLatch(1)

        if (verifySignature(toVerify, signingCert, result.size - 1)) {
          i.remove()
          result.add(signingCert)
          continue@followIssuerChain
        }
      }

      // We've reached the end of the chain. If any cert in the chain is trusted, we're done.
      if (foundTrustedCertificate) {
        return result
      }

      // The last link isn't trusted. Fail.

        System.out.printf("XXX: %s %s%n", url, e);
      } finally {
        currentThread.setName(originalName);
      }
    }
  }

  public void fetch(HttpUrl url) throws IOException {
    // Skip hosts that we've visited many times.
    AtomicInteger hostnameCount = new AtomicInteger();
    AtomicInteger previous = hostnames.putIfAbsent(url.host(), hostnameCount);
    if (previous != null) hostnameCount = previous;

TLS Configuration History
=========================

OkHttp tracks the dynamic TLS ecosystem to balance connectivity and security. This page is a log of
changes we've made over time to OkHttp's default TLS options.

[OkHttp 3.14][OkHttp314]
------------------------

_2019-03-14_

Remove 2 TLSv1.3 cipher suites that are neither available on OkHttp’s host platforms nor enabled in releases of Chrome and Firefox.

##### RESTRICTED_TLS cipher suites