message == "adding as trusted certificates" -> Type.Setup
          message == "Raw read" || message == "Raw write" -> Type.Encrypted
          message == "Plaintext before ENCRYPTION" || message == "Plaintext after DECRYPTION" -> Type.Plaintext
          message.startsWith("System property ") -> Type.Setup
          message.startsWith("Reload ") -> Type.Setup
          message == "No session to resume." -> Type.Handshake

        assertEquals(invertibleCryptographer, provider.providePrimaryInvertibleCryptographer());
        assertEquals(md5, provider.providePrimaryOneWayCryptographer());
    }

    // Test encryption and decryption functionality
    @Test
    public void test_invertibleCryptography() {
        // Test that invertible cryptography works correctly

          // Produced ClientHello handshake message
          //
          // Raw write
          // Raw read
          // Plaintext before ENCRYPTION
          // Plaintext after DECRYPTION
          val message = record.message
          val parameters = record.parameters

          if (parameters != null && !message.startsWith("Raw") && !message.startsWith("Plaintext")) {
            if (verbose) {

## Changelog since v1.32.3

## Changes by Kind

### Bug or Regression

- Fix a bug where kube-apiserver could emit an further watch even even if decryption failed for earlier event and it was not emitted. ([#131159](https://github.com/kubernetes/kubernetes/pull/131159), [@wojtek-t](https://github.com/wojtek-t)) [SIG API Machinery and Etcd]

- Fix a bug where kube-apiserver could emit an further watch even even if decryption failed for earlier event and it was not emitted. ([#131020](https://github.com/kubernetes/kubernetes/pull/131020), [@wojtek-t](https://github.com/wojtek-t)) [SIG API Machinery and Etcd]