"ReadWriteC -> ReadWriteA",
        "ReadWriteB -> ReadWriteC",
        "ReadWriteA -> ReadWriteB");
  }

  public void testWriteToReadLockDowngrading() {
    writeLockA.lock(); // writeLockA downgrades to readLockA
    readLockA.lock();
    writeLockA.unlock();

    lockB.lock(); // readLockA -> lockB
    readLockA.unlock();

    // lockB -> writeLockA should fail

        "ReadWriteC -> ReadWriteA",
        "ReadWriteB -> ReadWriteC",
        "ReadWriteA -> ReadWriteB");
  }

  public void testWriteToReadLockDowngrading() {
    writeLockA.lock(); // writeLockA downgrades to readLockA
    readLockA.lock();
    writeLockA.unlock();

    lockB.lock(); // readLockA -> lockB
    readLockA.unlock();

    // lockB -> writeLockA should fail

            return false;
        }
        return true;
    }

    /**
     * Validates if the canonical URL is valid relative to the original URL.
     * Specifically checks for HTTPS to HTTP downgrades.
     *
     * @param url the original URL
     * @param canonicalUrl the canonical URL to validate
     * @return true if the canonical URL is valid, false otherwise
     */

  fun wrongConnectionHeader() {
    webServer.enqueue(
      MockResponse
        .Builder()
        .code(101)
        .setHeader("Upgrade", "websocket")
        .setHeader("Connection", "Downgrade")
        .setHeader("Sec-WebSocket-Accept", "ujmZX4KXZqjwy6vi1aQFH5p4Ygk=")
        .build(),
    )
    webServer.enqueue(
      MockResponse
        .Builder()
        .onRequestStart(CloseSocket())

    }
  }

  companion object {
    /**
     * The cipher suite used during TLS connection fallback to indicate a fallback. See
     * https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
     */
    const val TLS_FALLBACK_SCSV = "TLS_FALLBACK_SCSV"
  }

* Fix GCE etcd scripts to pass in all required parameters for the etcd migration utility to correctly perform HA upgrades and downgrades ([#61957](https://github.com/kubernetes/kubernetes/pull/61957), [@jpbetz](https://github.com/jpbetz))

        sslSocket.enabledProtocols.intersect(tlsVersionsAsString, naturalOrder())
      } else {
        sslSocket.enabledProtocols
      }

    // In accordance with https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 the SCSV
    // cipher is added to signal that a protocol fallback has taken place.
    val supportedCipherSuites = sslSocket.supportedCipherSuites
    val indexOfFallbackScsv =
      supportedCipherSuites.indexOf(

    private ReferrerPolicyValues() {}

    public static final String NO_REFERRER = "no-referrer";
    public static final String NO_REFFERER_WHEN_DOWNGRADE = "no-referrer-when-downgrade";
    public static final String SAME_ORIGIN = "same-origin";
    public static final String ORIGIN = "origin";
    public static final String STRICT_ORIGIN = "strict-origin";

  This feature will not be fully enabled until a future Kubernetes release (likely to be v1.29), but is added in v1.28 to enable
  safe rollback on downgrade. ([#118339](https://github.com/kubernetes/kubernetes/pull/118339), [@jpbetz](https://github.com/jpbetz)) [SIG API Machinery, Auth, Cloud Provider and Testing]

- DRA: The scheduler plugin prevented abnormal filter runtimes by timing out after 10...