* [okhttp-system-keystore](https://github.com/charleskorn/okhttp-system-keystore): Use trusted certificates from the operating system keystore (Keychain on macOS, Certificate Store on Windows).
 * ⬜️ [Okio](https://github.com/square/okio/): A modern I/O API for Java.

import java.util.logging.Formatter
import java.util.logging.LogRecord

/**
 * Is Java8 Data and Time really this bad, or is writing this on a plane from just javadocs a bad
 * idea?
 *
 * Why so much construction?
 */
class OneLineLogFormat : Formatter() {
  private val d =
    DateTimeFormatterBuilder()
      .appendValue(HOUR_OF_DAY, 2)
      .appendLiteral(':')
      .appendValue(MINUTE_OF_HOUR, 2)

  val safari12iOS = sslLabsClients.first { it.userAgent == "Safari" && it.platform == "iOS 12.3.1" }
  val safari12Osx =
    sslLabsClients.first { it.userAgent == "Safari" && it.platform == "MacOS 10.14.6 Beta" }

  val okhttp = currentOkHttp(ianaSuitesNew)

  val okHttp_4_10 = historicOkHttp("4.10")
  val okHttp_3_14 = historicOkHttp("3.14")
  val okHttp_3_13 = historicOkHttp("3.13")

  }

  /**
   * A trust manager for Android applications that customize the trust manager.
   *
   * This class exploits knowledge of Android implementation details. This class is potentially
   * much faster to initialize than [BasicTrustRootIndex] because it doesn't need to load and
   * index trusted CA certificates.
   */
  internal data class CustomTrustRootIndex(
    private val trustManager: X509TrustManager,

    when {
      PlatformVersion.majorVersion > 11 ->
        assertThat(s.enabledProtocols.toList()).containsExactly(
          "TLSv1.3",
          "TLSv1.2",
        )
      // Not much we can guarantee on JDK 11.
      PlatformVersion.majorVersion == 11 ->
        assertThat(s.enabledProtocols.toList()).contains(
          "TLSv1.2",
        )
      // JDK 8 291 removed older versions

 * client. Applications may use this class to monitor HTTP connections as members of a
 * [connection pool][ConnectionPool].
 *
 * Do not confuse this class with the misnamed `HttpURLConnection`, which isn't so much a connection
 * as a single request/response exchange.
 *
 * ## Modern TLS
 *
 * There are trade-offs when selecting which options to include when negotiating a secure connection

   * ```
   *
   * But this chain is wrong because the attackerSwitch certificate is being used in a CA role even
   * though it is not a CA certificate. There are pinned certificates in the chain! The correct
   * chain is much shorter because it skips the non-CA certificate.
   *
   * ```
   *   attackerCa
   *     -> attackerIntermediate
   *         -> phonyVictim
   * ```
   *

// Submitted by Adam Humpherys <******@****.***>
mazeplay.com

// mcpe.me : https://mcpe.me
// Submitted by Noa Heyl <******@****.***>
mcpe.me

// McHost : https://mchost.ru
// Submitted by Evgeniy Subbotin <e.subbotin@mchost.ru>
mcdir.me
mcdir.ru
mcpre.ru
vps.mcdir.ru

// Mediatech : https://mediatech.by
// Submitted by Evgeniy Kozhuhovskiy <******@****.***>