import mockwebserver3.junit5.StartStop
import okhttp3.CipherSuite.Companion.TLS_AES_128_GCM_SHA256
import okhttp3.CipherSuite.Companion.TLS_AES_256_GCM_SHA384
import okhttp3.CipherSuite.Companion.TLS_CHACHA20_POLY1305_SHA256
import okhttp3.CipherSuite.Companion.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
import okhttp3.CipherSuite.Companion.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
import okhttp3.CipherSuite.Companion.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

    val utf8: Challenge = challenge.withCharset(Charsets.UTF_8)
  }

  @Test
  fun cipherSuite() {
    var cipherSuite: CipherSuite = CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    cipherSuite = CipherSuite.forJavaName("")
    val javaName: String = cipherSuite.javaName
  }

  @Test
  fun connection() {
    val connection =
      object : Connection {

		tlsConfig.ClientAuth = tls.RequestClientCert
	}

	if secureCiphers := env.Get(api.EnvAPISecureCiphers, config.EnableOn) == config.EnableOn; secureCiphers {
		tlsConfig.CipherSuites = crypto.TLSCiphers()
	} else {
		tlsConfig.CipherSuites = crypto.TLSCiphersBackwardCompatible()
	}
	tlsConfig.CurvePreferences = crypto.TLSCurveIDs()
	return tlsConfig
}

/////////// Types and functions for OpenID IAM testing

}

public final class okhttp3/CipherSuite {
	public static final field Companion Lokhttp3/CipherSuite$Companion;
	public static final field TLS_AES_128_CCM_8_SHA256 Lokhttp3/CipherSuite;
	public static final field TLS_AES_128_CCM_SHA256 Lokhttp3/CipherSuite;
	public static final field TLS_AES_128_GCM_SHA256 Lokhttp3/CipherSuite;
	public static final field TLS_AES_256_GCM_SHA384 Lokhttp3/CipherSuite;

}

public final class okhttp3/CipherSuite {
	public static final field Companion Lokhttp3/CipherSuite$Companion;
	public static final field TLS_AES_128_CCM_8_SHA256 Lokhttp3/CipherSuite;
	public static final field TLS_AES_128_CCM_SHA256 Lokhttp3/CipherSuite;
	public static final field TLS_AES_128_GCM_SHA256 Lokhttp3/CipherSuite;
	public static final field TLS_AES_256_GCM_SHA384 Lokhttp3/CipherSuite;

Go 1.23 changed the default TLS cipher suites used by clients and servers when
not explicitly configured, removing 3DES cipher suites. The default can be reverted
using the [`tls3des` setting](/pkg/crypto/tls/#Config.CipherSuites).

Go 1.23 changed the behavior of [`tls.X509KeyPair`](/pkg/crypto/tls#X509KeyPair)
and [`tls.LoadX509KeyPair`](/pkg/crypto/tls#LoadX509KeyPair) to populate the

              .Builder(ConnectionSpec.MODERN_TLS)
              .cipherSuites(cipherSuite)
              .build(),
          ),
        ).build()
    val serverCertificates =
      HandshakeCertificates
        .Builder()
        .build()
    server.useHttps(
      socketFactoryWithCipherSuite(serverCertificates.sslSocketFactory(), cipherSuite),
    )
    executeSynchronously("/")

     * @param cipherSuite cipher suite used
     * @param sessionId session identifier
     */
    public void logEncryption(boolean enabled, String cipherSuite, String sessionId) {
        EventType type = enabled ? EventType.ENCRYPTION_ENABLED : EventType.ENCRYPTION_FAILED;

        Map<String, Object> context = getContextMap();
        context.put("cipherSuite", cipherSuite);

        Regex(
          """secureConnectEnd: Handshake\{tlsVersion=TLS_1_[23] cipherSuite=TLS_.* peerCertificates=\[CN=localhost] localCertificates=\[]\}""",
        ),
      ).assertLogMatch(Regex("""connectEnd: h2"""))
      .assertLogMatch(
        Regex("""connectionAcquired: Connection\{${url.host}:\d+, proxy=DIRECT hostAddress=${url.host}/.+ cipherSuite=.+ protocol=h2\}"""),
      ).assertLogMatch(Regex("""requestHeadersStart"""))

@file:JvmName("Internal")
@file:Suppress("ktlint:standard:filename")

package okhttp3.internal

import java.nio.charset.Charset
import javax.net.ssl.SSLSocket
import okhttp3.Cache
import okhttp3.CipherSuite
import okhttp3.ConnectionPool
import okhttp3.ConnectionSpec
import okhttp3.Cookie
import okhttp3.Headers
import okhttp3.HttpUrl
import okhttp3.MediaType
import okhttp3.MediaType.Companion.toMediaTypeOrNull