}

func TestCipherSuites(t *testing.T) {
	var lastID uint16
	for _, c := range CipherSuites() {
		if lastID > c.ID {
			t.Errorf("CipherSuites are not ordered by ID: got %#04x after %#04x", c.ID, lastID)
		} else {
			lastID = c.ID
		}

		if c.Insecure {
			t.Errorf("%#04x: Insecure CipherSuite returned by CipherSuites()", c.ID)
		}
	}
	lastID = 0
	for _, c := range InsecureCipherSuites() {

			}
			if len(chi.CipherSuites) != 2+len(defaultCipherSuitesTLS13) {
				t.Error("the advertised TLS 1.2 suites should be filtered by Config.CipherSuites")
			}
			return nil, nil
		},
	}
	clientConfig := &Config{
		CipherSuites:       []uint16{TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
		InsecureSkipVerify: true,
	}

}

public final class okhttp3/CipherSuite {
	public static final field Companion Lokhttp3/CipherSuite$Companion;
	public static final field TLS_AES_128_CCM_8_SHA256 Lokhttp3/CipherSuite;
	public static final field TLS_AES_128_CCM_SHA256 Lokhttp3/CipherSuite;
	public static final field TLS_AES_128_GCM_SHA256 Lokhttp3/CipherSuite;
	public static final field TLS_AES_256_GCM_SHA384 Lokhttp3/CipherSuite;

		t = time.Now
	}
	return t()
}

func (c *Config) cipherSuites() []uint16 {
	if c.CipherSuites == nil {
		if needFIPS() {
			return defaultCipherSuitesFIPS
		}
		return defaultCipherSuites()
	}
	if needFIPS() {
		cipherSuites := slices.Clone(c.CipherSuites)
		return slices.DeleteFunc(cipherSuites, func(id uint16) bool {
			return !slices.Contains(defaultCipherSuitesFIPS, id)
		})

		!readUint8LengthPrefixed(&s, &m.sessionId) {
		return false
	}

	var cipherSuites cryptobyte.String
	if !s.ReadUint16LengthPrefixed(&cipherSuites) {
		return false
	}
	m.cipherSuites = []uint16{}
	m.secureRenegotiationSupported = false
	for !cipherSuites.Empty() {
		var suite uint16
		if !cipherSuites.ReadUint16(&suite) {
			return false
		}
		if suite == scsvRenegotiation {

		GetConfigForClient: func(chi *ClientHelloInfo) (*Config, error) {
			if len(chi.CipherSuites) != len(defaultCipherSuitesTLS13NoAES) {
				t.Errorf("only TLS 1.3 suites should be advertised, got=%x", chi.CipherSuites)
			} else {
				for i := range defaultCipherSuitesTLS13NoAES {
					if want, got := defaultCipherSuitesTLS13NoAES[i], chi.CipherSuites[i]; want != got {

		return c.in.setErrorLocked(errors.New("tls: received unexpected key update message"))
	}

	cipherSuite := cipherSuiteTLS13ByID(c.cipherSuite)
	if cipherSuite == nil {
		return c.in.setErrorLocked(c.sendAlert(alertInternalError))
	}

	newSecret := cipherSuite.nextTrafficSecret(c.in.trafficSecret)
	c.in.setTrafficSecret(cipherSuite, QUICEncryptionLevelInitial, newSecret)

	if keyUpdate.updateRequested {
		c.out.Lock()

	if tlsDefaults == nil {
		return
	}

	if len(tlsDefaults.EcdhCurves) > 0 {
		tlsParamsOrNew(ctx).EcdhCurves = tlsDefaults.EcdhCurves
	}
	if len(tlsDefaults.CipherSuites) > 0 {
		tlsParamsOrNew(ctx).CipherSuites = tlsDefaults.CipherSuites
	}
	if tlsDefaults.MinProtocolVersion != meshconfig.MeshConfig_TLSConfig_TLS_AUTO {

	ts := newClientServerTest(t, mode, HandlerFunc(func(w ResponseWriter, r *Request) {
		w.Write([]byte("Hello"))
	})).ts

	c := ts.Client()
	tr := c.Transport.(*Transport)
	tr.TLSClientConfig.CipherSuites = []uint16{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}
	tr.TLSClientConfig.MaxVersion = tls.VersionTLS12 // to get to pick the cipher suite
	tr.Dial = func(netw, addr string) (net.Conn, error) {

			TlsParams: &tls.TlsParameters{
				TlsMinimumProtocolVersion: tls.TlsParameters_TLSv1_2,
				TlsMaximumProtocolVersion: tls.TlsParameters_TLSv1_3,
				CipherSuites: []string{
					"ECDHE-ECDSA-AES256-GCM-SHA384",
					"ECDHE-RSA-AES256-GCM-SHA384",
					"ECDHE-ECDSA-AES128-GCM-SHA256",
					"ECDHE-RSA-AES128-GCM-SHA256",
					"AES256-GCM-SHA384",