tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	}
}

// TLSCiphersBackwardCompatible returns a list of supported
// TLS transport cipher suite IDs.
//
// In contrast to TLSCiphers, the list contains additional
// ciphers for backward compatibility. In particular, AES-CBC
// and non-ECDHE ciphers.
func TLSCiphersBackwardCompatible() []uint16 {
	if Enabled {
		return []uint16{
			tls.TLS_AES_128_GCM_SHA256, // TLS 1.3

	ssh.KeyAlgoSKED25519, ssh.KeyAlgoSKECDSA256,
	ssh.KeyAlgoECDSA256, ssh.KeyAlgoECDSA384, ssh.KeyAlgoECDSA521,
	ssh.KeyAlgoRSASHA256, ssh.KeyAlgoRSASHA512, ssh.KeyAlgoRSA,
	ssh.KeyAlgoDSA,
}

// supportedCiphers lists ciphers we support but might not recommend.
// https://cs.opensource.google/go/x/crypto/+/refs/tags/v0.22.0:ssh/common.go;l=28
var supportedCiphers = []string{
	"aes128-ctr", "aes192-ctr", "aes256-ctr",

	iv, nonce := random[:16], random[16:]

	var aead cipher.AEAD
	switch keyType {
	case kms.AES256:
		mac := hmac.New(sha256.New, s.key)
		mac.Write(iv)
		sealingKey := mac.Sum(nil)

		block, err := aes.NewCipher(sealingKey)
		if err != nil {
			return nil, err
		}
		aead, err = cipher.NewGCM(block)
		if err != nil {
			return nil, err
		}
	case kms.ChaCha20:

        if (cookieNameMap == null) {
            cookieNameMap = new HashMap<>();
        }
        cookieNameMap.put(cookieName, roleName);
    }

    public void setCipher(final CachedCipher cipher) {
        this.cipher = cipher;
    }

    public void setValueSeparator(final String valueSeparator) {
        this.valueSeparator = valueSeparator;
    }

    public void setRoleSeparator(final String roleSeparator) {

The [`jstmpllitinterp` setting](/pkg/html/template#hdr-Security_Model) no longer has
any effect.

Go 1.23 changed the default TLS cipher suites used by clients and servers when
not explicitly configured, removing 3DES cipher suites. The default can be reverted
using the [`tls3des` setting](/pkg/crypto/tls/#Config.CipherSuites).

		<property name="encryptedHeaderValue">true</property>
		<property name="cookieKey">"fessRoles"</property>
		<property name="encryptedCookieValue">true</property>
		<property name="cipher">
			<component class="org.codelibs.core.crypto.CachedCipher">
				<property name="key">"1234567890123456"</property>
			</component>
		</property>
		<property name="valueSeparator">"\\n"</property>

    val minlog = "com.esotericsoftware.minlog:minlog"
    val nativePlatform = "net.rubygrapefruit:native-platform"
    val objenesis = "org.objenesis:objenesis"
    val plexusCipher = "org.sonatype.plexus:plexus-cipher"
    val plexusClassworlds = "org.codehaus.plexus:plexus-classworlds"
    val plexusInterpolation = "org.codehaus.plexus:plexus-interpolation"
    val plexusSecDispatcher = "org.codehaus.plexus:plexus-sec-dispatcher"

    public static final String QUERIES = "queries";

    public static final String VIRTUAL_HOSTS = "virtualHosts";

    public static final String CIPHER_PREFIX = "{cipher}";

    public static final String SYSTEM_USER = "system";

    public static final String EMPTY_USER_ID = "<empty>";

    public static final String CRAWLER_PROCESS_COMMAND_THREAD_DUMP = "thread_dump";

search_engine.http.url=http://localhost:9201
search_engine.http.ssl.certificate_authorities=
search_engine.username=
search_engine.password=
search_engine.heartbeat_interval=10000

# Cryptographer
app.cipher.algorism=aes
app.cipher.key=___change__me___
app.digest.algorism=sha256
app.encrypt.property.pattern=.*password|.*key|.*token|.*secret

app.extension.names=

app.audit.log.format=

# JVM options
jvm.crawler.options=\

      }
    }
  }

  /**
   * Test for 2-bit characteristics. A characteristic is a delta in the input which is repeated in
   * the output. For example, if f() is a block cipher and c is a characteristic, then f(x^c) =
   * f(x)^c with greater than expected probability. The test for funneling is merely a test for
   * 1-bit characteristics.
   *