sslSocket.enabledProtocols.intersect(tlsVersionsAsString, naturalOrder())
      } else {
        sslSocket.enabledProtocols
      }

    // In accordance with https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 the SCSV
    // cipher is added to signal that a protocol fallback has taken place.
    val supportedCipherSuites = sslSocket.supportedCipherSuites
    val indexOfFallbackScsv =
      supportedCipherSuites.indexOf(

  @Throws(IOException::class)
  fun wrongConnectionHeader() {
    webServer.enqueue(
      MockResponse.Builder()
        .code(101)
        .setHeader("Upgrade", "websocket")
        .setHeader("Connection", "Downgrade")
        .setHeader("Sec-WebSocket-Accept", "ujmZX4KXZqjwy6vi1aQFH5p4Ygk=")
        .build(),
    )
    webServer.enqueue(
      MockResponse.Builder()
        .socketPolicy(SocketPolicy.DisconnectAtStart)

		case madmin.AdminAPIVersion:
			desc = fmt.Sprintf("This 'admin' API is not supported by server in '%s'", getMinioMode())
		default:
			desc = fmt.Sprintf("Unexpected client 'admin' API version found '%s', expected '%s', please downgrade the client to older releases", version, madmin.AdminAPIVersion)
		}
		writeErrorResponseJSON(r.Context(), w, APIError{
			Code:           "XMinioAdminVersionMismatch",
			Description:    desc,

    /**
     * Enforce secure negotiation
     * 
     * Property <tt>jcifs.smb.client.requireSecureNegotiate</tt> (boolean, default true)
     * 
     * This does not provide any actual downgrade protection if SMB1 is allowed.
     * 
     * It will also break connections with SMB2 servers that do not properly sign error responses.
     * 
     * @return whether to enforce the use of secure negotiation.
     */

    private ReferrerPolicyValues() {}

    public static final String NO_REFERRER = "no-referrer";
    public static final String NO_REFFERER_WHEN_DOWNGRADE = "no-referrer-when-downgrade";
    public static final String SAME_ORIGIN = "same-origin";
    public static final String ORIGIN = "origin";
    public static final String STRICT_ORIGIN = "strict-origin";

        "ReadWriteC -> ReadWriteA",
        "ReadWriteB -> ReadWriteC",
        "ReadWriteA -> ReadWriteB");
  }

  public void testWriteToReadLockDowngrading() {
    writeLockA.lock(); // writeLockA downgrades to readLockA
    readLockA.lock();
    writeLockA.unlock();

    lockB.lock(); // readLockA -> lockB
    readLockA.unlock();

    // lockB -> writeLockA should fail

        "ReadWriteC -> ReadWriteA",
        "ReadWriteB -> ReadWriteC",
        "ReadWriteA -> ReadWriteB");
  }

  public void testWriteToReadLockDowngrading() {
    writeLockA.lock(); // writeLockA downgrades to readLockA
    readLockA.lock();
    writeLockA.unlock();

    lockB.lock(); // readLockA -> lockB
    readLockA.unlock();

    // lockB -> writeLockA should fail

				if !ok {
					ckvs.Set(kv.Key, kv.Value)
				}
			}
			if _, ok := cp[subSys]; !ok {
				rnSubSys, ok := renamedSubsys[subSys]
				if !ok {
					// A config subsystem was removed or server was downgraded.
					continue
				}
				// Copy over settings from previous sub-system
				// to newly renamed sub-system
				for _, kv := range cp[rnSubSys][Default] {
					_, ok := c[subSys][tgt].Lookup(kv.Key)

	// Current version being written.
	xlVersionCurrent [4]byte
)

const (
	// Breaking changes.
	// Newer versions cannot be read by older software.
	// This will prevent downgrades to incompatible versions.
	xlVersionMajor = 1

	// Non breaking changes.
	// Bumping this is informational, but should be done
	// if any change is made to the data stored, bumping this