* @return a decryption cipher
     */
    protected Cipher pollDecryptoCipher() {
        Cipher cipher = decryptoQueue.poll();
        if (cipher == null) {
            try {
                final SecretKeySpec sksSpec = new SecretKeySpec(key.getBytes(charsetName), algorithm);
                cipher = Cipher.getInstance(algorithm);
                cipher.init(Cipher.DECRYPT_MODE, sksSpec);

            final Cipher cipher = Cipher.getInstance(transformation);
            final GCMParameterSpec gcmSpec = new GCMParameterSpec(getAuthTagLength() * 8, nonce);

            cipher.init(encrypt ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, keySpec, gcmSpec);
            return cipher;
        } finally {
            // Guaranteed cleanup of all key material
            if (key != null) {

        return new HMACT64(key);
    }

    /**
     * Get an RC4 cipher instance initialized with the specified key.
     * @param key the encryption key
     * @return RC4 cipher in encryption mode
     */
    public static Cipher getArcfour(final byte[] key) {
        try {
            final Cipher c = Cipher.getInstance("RC4");
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "RC4"));
            return c;

        cipher.setKey("mySecretKey");

        final String original = "";
        final String encrypted = cipher.encryptText(original);
        final String decrypted = cipher.decryptText(encrypted);

        assertThat(decrypted, is(original));
    }

    @Test
    public void testLongText() {
        final CachedCipher cipher = new CachedCipher();
        cipher.setKey("mySecretKey");

        final int start = dstIndex;
        SMBUtil.writeInt2(this.ciphers != null ? this.ciphers.length : 0, dst, dstIndex);
        dstIndex += 2;

        if (this.ciphers != null) {
            for (final int cipher : this.ciphers) {
                SMBUtil.writeInt2(cipher, dst, dstIndex);
                dstIndex += 2;
            }
        }
        return dstIndex - start;

        byte[] keybytes = key.getEncoded();
        Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(keybytes, "AES"), new IvParameterSpec(ZERO_IV, 0, ZERO_IV.length));
        if (constant.length != cipher.getBlockSize()) {
            constant = expandNFold(constant, cipher.getBlockSize());
        }
        byte[] enc = constant;

        SecretKeySpec dataKey = new SecretKeySpec(dataHmac, KerberosConstants.RC4_ALGORITHM);

        cipher = Cipher.getInstance(KerberosConstants.RC4_ALGORITHM);
        cipher.init(Cipher.DECRYPT_MODE, dataKey);

        int plainDataLength = data.length - KerberosConstants.CHECKSUM_SIZE;
        byte[] plainData = cipher.doFinal(data, KerberosConstants.CHECKSUM_SIZE, plainDataLength);

        @DisplayName("Should encode various cipher counts correctly")
        void testEncodeVariousCipherCounts(int cipherCount) {
            int[] ciphers = new int[cipherCount];
            for (int i = 0; i < cipherCount; i++) {
                ciphers[i] = i + 1;
            }
            EncryptionNegotiateContext context = new EncryptionNegotiateContext(mockConfig, ciphers);

   * order for a socket to be compatible the enabled cipher suites and protocols must intersect.
   *
   * For cipher suites, at least one of the [required cipher suites][cipherSuites] must match the
   * socket's enabled cipher suites. If there are no required cipher suites the socket must have at
   * least one cipher suite enabled.
   *

		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	}
}

// TLSCiphersBackwardCompatible returns a list of supported
// TLS transport cipher suite IDs.
//
// In contrast to TLSCiphers, the list contains additional
// ciphers for backward compatibility. In particular, AES-CBC
// and non-ECDHE ciphers.
func TLSCiphersBackwardCompatible() []uint16 {
	return []uint16{
		tls.TLS_CHACHA20_POLY1305_SHA256, // TLS 1.3