encapsulation enabled.
 *  Fix: Strictly verify hostnames used with OkHttp's `HostnameVerifier`. Programs that make direct
    manual calls to `HostnameVerifier` could be defeated if the hostnames they pass in are not
    strictly ASCII. This issue is tracked as [CVE-2021-0341].


## Version 4.9.1

_2021-01-30_

 *  Fix: Work around a crash in Android 10 and 11 that may be triggered when two threads

    // with MD5 or 512-bit RSA; that's insecure!
    //
    // openssl req \
    //   -x509 \
    //   -md5 \
    //   -nodes \
    //   -days 1 \
    //   -newkey rsa:512 \
    //   -keyout privateKey.key \
    //   -out certificate.crt
    val certificatePem =
      """
      |-----BEGIN CERTIFICATE-----

    @JvmField val TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = init("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", 0x00a2)

    @JvmField val TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = init("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", 0x00a3)

    // @JvmField val TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = init("TLS_DH_DSS_WITH_AES_128_GCM_SHA256", 0x00a4)
    // @JvmField val TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = init("TLS_DH_DSS_WITH_AES_256_GCM_SHA384", 0x00a5)

    }.also { expected ->
      assertThat(expected).hasMessage("unexpected characters after boundary")
    }
  }

  /** The documentation advises that '-' is the simplest boundary possible. */
  @Test fun `dash boundary`() {
    val multipart =
      """
      |---
      |Content-ID: abc
      |
      |abcd
      |---
      |Content-ID: efg
      |
      |efgh
      |-----

    server.enqueue(MockResponse().setSocketPolicy(SocketPolicy.DISCONNECT_DURING_REQUEST_BODY))
    // Limit the size of the request body that the server holds in memory to an arbitrary
    // 3.5 MBytes so this test can pass on devices with little memory.
    server.bodyLimit = 7 * 512 * 1024
    val connection = server.url("/").toUrl().openConnection() as HttpURLConnection
    connection.setRequestMethod("POST")
    connection.setDoOutput(true)

 * seconds:
 *
 * ```java
 * Request request = new Request.Builder()
 *     .cacheControl(new CacheControl.Builder()
 *         .maxStale(365, TimeUnit.DAYS)
 *         .build())
 *     .url("http://publicobject.com/helloworld.txt")
 *     .build();
 * ```
 *
 * The [CacheControl] class can configure request caching directives and parse response caching

http:a:******@****.***  s:http u:a pass:b h:www.example.com p:/
http:/a:******@****.***  s:http u:a pass:b h:www.example.com p:/
http://a:******@****.***  s:http u:a pass:b h:www.example.com p:/
http://@pple.com  s:http h:pple.com p:/
http::******@****.***  s:http pass:b h:www.example.com p:/
http:/:******@****.***  s:http pass:b h:www.example.com p:/
http://:******@****.***  s:http pass:b h:www.example.com p:/

    // [distinguished_name]
    // [req_extensions]
    // [x509_extensions]
    // subjectAltName=DNS:localhost.localdomain,DNS:localhost,IP:127.0.0.1
    //
    // $ openssl req -x509 -nodes -days 36500 -subj '/CN=localhost' -config ./cert.cnf \
    //     -newkey rsa:512 -out cert.pem
    val certificate =
      certificate(
        """
        -----BEGIN CERTIFICATE-----

   * This avoids sending potentially sensitive data like HTTP cookies to the proxy unencrypted.
   *
   * In order to support preemptive authentication we pass a fake "Auth Failed" response to the
   * authenticator. This gives the authenticator the option to customize the CONNECT request. It can
   * decline to do so by returning null, in which case OkHttp will use it as-is.
   */

    connection is attempted.
 *  New: Support [WebDAV][webdav] HTTP methods.
 *  New: Buffer WebSocket frames for better performance.
 *  New: Drop support for `TLS_DHE_DSS_WITH_AES_128_CBC_SHA`, our only remaining
    DSS cipher suite. This is consistent with Firefox and Chrome which have also
    dropped these cipher suite.

## Version 2.5.0

_2015-08-25_