}

  @Test
  fun testDefaultHandshakeCipherSuiteOrderingTls12Restricted() {
    // We are avoiding making guarantees on ordering of secondary Platforms.
    platform.assumeNotConscrypt()
    platform.assumeNotBouncyCastle()

    val client = makeClient(ConnectionSpec.RESTRICTED_TLS, TlsVersion.TLS_1_2)

    val handshake = makeRequest(client)

  @StartStop
  private val server = MockWebServer()

  @BeforeEach
  fun setup() {
    // BCX509ExtendedTrustManager not supported in TlsUtil.newTrustManager
    platform.assumeNotBouncyCastle()
  }

  @Test fun `untrusted host in insecureHosts connects successfully`() {
    val serverCertificates = platform.localhostHandshakeCertificates()
    server.useHttps(serverCertificates.sslSocketFactory())

    // System.setProperty("jdk.tls.server.enableSessionTicketExtension", "true")

    // IllegalStateException: Cannot resume session and session creation is disabled
    platform.assumeNotBouncyCastle()
  }

  @Test
  fun testSessionReuse(tlsVersion: String = burstValues("TLSv1.2", "TLSv1.3")) {
    if (tlsVersion == TlsVersion.TLS_1_3.javaName) {
      assumeTrue(PlatformVersion.majorVersion != 8)
    }

    }
  private var acceptedHostName: String? = null

  @StartStop
  private val server = MockWebServer()

  @BeforeEach
  fun setUp() {
    // Test designed for Conscrypt and JSSE
    platform.assumeNotBouncyCastle()
  }

  @Test
  fun testHttp(socketMode: SocketMode = burstValues(Channel, Standard)) {
    testConnection(socketMode)
  }

  @Test
  fun testHttps(
    provider: Provider = Provider.JSSE,

  private lateinit var clientIntermediateCa: HeldCertificate
  private lateinit var clientCert: HeldCertificate

  @BeforeEach
  fun setUp() {
    platform.assumeNotOpenJSSE()
    platform.assumeNotBouncyCastle()
    serverRootCa =
      HeldCertificate
        .Builder()
        .serialNumber(1L)
        .certificateAuthority(1)
        .commonName("root")
        .addSubjectAlternativeName("root_ca.com")

      .connectionPool(ConnectionPool(connectionListener = listener))
      .fastFallback(fastFallback)
      .build()

  @BeforeEach
  fun setUp() {
    platform.assumeNotOpenJSSE()
    platform.assumeNotBouncyCastle()
    listener.forbidLock(get(client.connectionPool))
    listener.forbidLock(client.dispatcher)
  }

  @Test
  fun successfulCallEventSequence() {
    server.enqueue(MockResponse(body = "abc"))

    enableProtocol(Protocol.HTTP_2)
    noRecoverWhenRetryOnConnectionFailureIsFalse()
  }

  @Test
  fun tlsHandshakeFailure_noFallbackByDefault() {
    platform.assumeNotBouncyCastle()

    server.useHttps(handshakeCertificates.sslSocketFactory())
    server.enqueue(MockResponse.Builder().failHandshake().build())
    server.enqueue(MockResponse(body = "response that will never be received"))

  private val dns = FakeDns()
  private lateinit var url: HttpUrl
  private lateinit var serverIps: List<InetAddress>

  @BeforeEach
  fun setUp() {
    platform.assumeHttp2Support()
    platform.assumeNotBouncyCastle()
    rootCa =
      HeldCertificate
        .Builder()
        .serialNumber(1L)
        .certificateAuthority(0)
        .commonName("root")
        .build()
    certificate =
      HeldCertificate

    assertThat(handshake.peerPrincipal).isNull()
    assertThat(handshake.peerCertificates.size).isEqualTo(0)
  }

  @Test
  fun httpsWithClientAuth() {
    platform.assumeNotBouncyCastle()
    platform.assumeNotConscrypt()
    val clientCa =
      HeldCertificate
        .Builder()
        .certificateAuthority(0)
        .build()
    val serverCa =
      HeldCertificate

  var platform = PlatformRule()

  @RegisterExtension
  var clientTestRule = OkHttpClientTestRule()

  @StartStop
  private val server = MockWebServer()

  @BeforeEach
  fun setup() {
    platform.assumeNotBouncyCastle()
  }

  /**
   * The pinner should pull the root certificate from the trust manager.
   */
  @Test
  fun pinRootNotPresentInChain() {
    // Fails on 11.0.1 https://github.com/square/okhttp/issues/4703