socket.enabledCipherSuites = arrayOf("SSL_A", "SSL_B", "SSL_C")
    val connectionSpec =
      ConnectionSpec
        .Builder(true)
        .tlsVersions(TlsVersion.TLS_1_0)
        .cipherSuites("TLS_A", "TLS_C", "TLS_E")
        .build()
    applyConnectionSpec(connectionSpec, socket, false)
    assertArrayEquals(arrayOf("TLS_A", "TLS_C"), socket.enabledCipherSuites)
  }

  @Test

      platform.newSslSocketFactory(platform.platformTrustManager()).defaultCipherSuites
    val cipherSuites =
      ConnectionSpec.RESTRICTED_TLS.effectiveCipherSuites(platformDefaultCipherSuites)

    if (cipherSuites.contains(TLS_CHACHA20_POLY1305_SHA256.javaName)) {
      assertThat(cipherSuites).containsExactly(
        TLS_AES_128_GCM_SHA256.javaName,
        TLS_AES_256_GCM_SHA384.javaName,

  }

  @Test
  fun tlsBuilder_explicitCiphers() {
    val tlsSpec =
      ConnectionSpec
        .Builder(true)
        .cipherSuites(CipherSuite.TLS_RSA_WITH_RC4_128_MD5)
        .tlsVersions(TlsVersion.TLS_1_2)
        .supportsTlsExtensions(true)
        .build()
    assertThat(tlsSpec.cipherSuites!!.toList())
      .containsExactly(CipherSuite.TLS_RSA_WITH_RC4_128_MD5)
    assertThat(tlsSpec.tlsVersions!!.toList())

			newCachedAuthToken(),
			&tls.Config{
				RootCAs:          globalRootCAs,
				CipherSuites:     crypto.TLSCiphers(),
				CurvePreferences: crypto.TLSCurveIDs(),
			}),
		Local:        local,
		Hosts:        hosts,
		AuthToken:    validateStorageRequestToken,
		AuthFn:       newCachedAuthToken(),

		tlsConfig.ClientAuth = tls.RequestClientCert
	}

	if secureCiphers := env.Get(api.EnvAPISecureCiphers, config.EnableOn) == config.EnableOn; secureCiphers {
		tlsConfig.CipherSuites = crypto.TLSCiphers()
	} else {
		tlsConfig.CipherSuites = crypto.TLSCiphersBackwardCompatible()
	}
	tlsConfig.CurvePreferences = crypto.TLSCurveIDs()
	return tlsConfig
}

/////////// Types and functions for OpenID IAM testing

  Client(
    userAgent = "OkHttp",
    version = OkHttp.VERSION,
    enabled =
      ConnectionSpec.MODERN_TLS.cipherSuites!!.map {
        ianaSuites.fromJavaName(it.javaName)
      },
    supported =
      ConnectionSpec.COMPATIBLE_TLS.cipherSuites!!.map {
        ianaSuites.fromJavaName(it.javaName)
      },
  )

fun historicOkHttp(version: String): Client {
  val enabled =

    connectionSpec = ConnectionSpec.COMPATIBLE_TLS
    connectionSpec = ConnectionSpec.CLEARTEXT
    val tlsVersions: List<TlsVersion>? = connectionSpec.tlsVersions
    val cipherSuites: List<CipherSuite>? = connectionSpec.cipherSuites
    val supportsTlsExtensions: Boolean = connectionSpec.supportsTlsExtensions
    val compatible: Boolean =
      connectionSpec.isCompatible(

 * as part of MODERN_TLS or folded into the default OkHttp client once published and
 * available in JDK11 or Conscrypt.
 */
private val TLS_13 =
  ConnectionSpec
    .Builder(true)
    .cipherSuites(*TLS13_CIPHER_SUITES.toTypedArray())
    .tlsVersions(TlsVersion.TLS_1_3)
    .build()

private val TLS_12 =
  ConnectionSpec
    .Builder(ConnectionSpec.RESTRICTED_TLS)
    .tlsVersions(TlsVersion.TLS_1_2)

            return
          }

          // https://timothybasanov.com/2016/05/26/java-pre-master-secret.html
          // https://security.stackexchange.com/questions/35639/decrypting-tls-in-wireshark-when-using-dhe-rsa-ciphersuites
          // https://stackoverflow.com/questions/36240279/how-do-i-extract-the-pre-master-secret-using-an-openssl-based-client

          // TLSv1.2 Events
          // Produced ClientHello handshake message

	public final fun allEnabledTlsVersions ()Lokhttp3/ConnectionSpec$Builder;
	public final fun build ()Lokhttp3/ConnectionSpec;
	public final fun cipherSuites ([Ljava/lang/String;)Lokhttp3/ConnectionSpec$Builder;
	public final fun cipherSuites ([Lokhttp3/CipherSuite;)Lokhttp3/ConnectionSpec$Builder;
	public final fun supportsTlsExtensions (Z)Lokhttp3/ConnectionSpec$Builder;