// Produced ClientHello handshake message
          // Consuming ServerHello handshake message
          // Consuming server Certificate handshake message
          // Consuming server CertificateStatus handshake message
          // Found trusted certificate
          // Consuming ECDH ServerKeyExchange handshake message
          // Consuming ServerHelloDone handshake message

    @Override
    public int getContentLength() {
        handshake();
        return this.connection.getContentLength();
    }

    @Override
    public String getContentType() {
        handshake();
        return this.connection.getContentType();
    }

    @Override
    public String getContentEncoding() {
        handshake();
        return this.connection.getContentEncoding();
    }

        ),
      ).assertLogMatch(
        Regex(
          """callFailed: \S+(?:SSLProtocolException|SSLHandshakeException|TlsFatalAlert): .*(?:Unexpected handshake message: client_hello|Handshake message sequence violation, 1|Read error|Handshake failed|unexpected_message\(10\)).*""",

    }

    /**
     * Test simple getter methods that should trigger the handshake.
     * We mock a simple 200 OK response to test the handshake is called.
     * @throws IOException
     */
    @Test
    void testGettersTriggerHandshake() throws IOException {
        // Arrange
        // Spy on the connection to verify handshake() is called
        NtlmHttpURLConnection spiedConnection = spy(ntlmConnection);

    // We have a host mismatch. But if the certificate matches, we're still good.
    return !noCoalescedConnections && handshake != null && certificateSupportHost(url, handshake)
  }

  private fun certificateSupportHost(
    url: HttpUrl,
    handshake: Handshake,
  ): Boolean {
    val peerCertificates = handshake.peerCertificates

    return peerCertificates.isNotEmpty() &&

    platform.assumeNotConscrypt()
    platform.assumeNotBouncyCastle()

    val client = makeClient(ConnectionSpec.RESTRICTED_TLS, TlsVersion.TLS_1_2)

    val handshake = makeRequest(client)

    assertThat(handshake.cipherSuite).isIn(*expectedModernTls12CipherSuites.toTypedArray())

    // Probably something like
    // TLS_AES_128_GCM_SHA256
    // TLS_AES_256_GCM_SHA384

          .writeByte('\n'.code)

        if (url.isHttps && handshake != null) {
          sink.writeByte('\n'.code)
          sink.writeUtf8(handshake.cipherSuite.javaName).writeByte('\n'.code)
          writeCertList(sink, handshake.peerCertificates)
          writeCertList(sink, handshake.localCertificates)
          sink.writeUtf8(handshake.tlsVersion.javaName).writeByte('\n'.code)
        }
      }
    }

      when (expected) {
        is SSLHandshakeException -> {
          // On Android, the handshake fails before the certificate pinner runs.
          assertThat(expected.message!!).contains("Could not validate certificate")
        }

        is SSLPeerUnverifiedException -> {
          // On OpenJDK, the handshake succeeds but the certificate pinner fails.

    .build();
```

### Debugging TLS Handshake Failures

The TLS handshake requires clients and servers to share a common TLS version and cipher suite. This
depends on the JVM or Android version, OkHttp version, and web server configuration. If there is no
common cipher suite and TLS version, your call will fail like this:

```
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x7f2719a89e80:

    val handshake = request.handshake
    assertThat(handshake!!.tlsVersion).isNotNull()
    assertThat(handshake.cipherSuite).isNotNull()
    assertThat(handshake.localPrincipal).isNotNull()
    assertThat(handshake.localCertificates.size).isEqualTo(1)
    assertThat(handshake.peerPrincipal).isNull()
    assertThat(handshake.peerCertificates.size).isEqualTo(0)
  }

  @Test