) {
  }

  /** Called after the TLS handshake to release resources allocated by [configureTlsExtensions]. */
  open fun afterHandshake(sslSocket: SSLSocket) {
  }

  /** Returns the negotiated protocol, or null if no protocol was negotiated. */
  open fun getSelectedProtocol(sslSocket: SSLSocket): String? = null

  /** For MockWebServer. This returns the inbound SNI names. */
  @Suppress("NewApi")

  public val proxyAddress: Proxy
    get() = Proxy(Proxy.Type.HTTP, socketAddress)

  /**
   * True if ALPN is used on incoming HTTPS connections to negotiate a protocol like HTTP/1.1 or
   * HTTP/2. This is true by default; set to false to disable negotiation and restrict connections
   * to HTTP/1.1.
   */
  public var protocolNegotiationEnabled: Boolean = true

  /**

            ) {
              val sslSocket = connection.socket() as SSLSocket
              println("Requested " + sslSocket.sslParameters.applicationProtocols.joinToString())
              println("Negotiated " + sslSocket.applicationProtocol)
            }
          },
        ).build()

    val request =
      Request
        .Builder()
        .url("https://www.google.com")
        .build()

          message == "No session to resume." -> Type.Handshake
          message.startsWith("Consuming ") -> Type.Handshake
          message.startsWith("Produced ") -> Type.Handshake
          message.startsWith("Negotiated ") -> Type.Handshake
          message.startsWith("Found resumable session") -> Type.Handshake
          message.startsWith("Resuming session") -> Type.Handshake

import jakarta.servlet.http.HttpServletResponse;

/**
 * SPNEGO (Security Provider Negotiation Protocol) authenticator implementation.
 *
 * This class provides Single Sign-On (SSO) authentication using the SPNEGO protocol,
 * which is commonly used for Kerberos-based authentication in Windows environments.
 * It handles the negotiation between client and server to establish a secure

There may be many routes for a single address. For example, a webserver that is hosted in multiple datacenters may yield multiple IP addresses in its DNS response.

 *  * If `server_max_window_bits` is less than 15, OkHttp will waste memory on an oversized buffer.
 *
 * See [RFC 7692, 7.1][rfc_7692] for details on negotiation process.
 *
 * [rfc_7692]: https://tools.ietf.org/html/rfc7692#section-7.1
 */
@IgnoreJRERequirement // As of AGP 3.4.1, D8 desugars API 24 hashCode methods.
data class WebSocketExtensions(

    // we should try the next route (if there is one).
    if (e is InterruptedIOException) {
      return e is SocketTimeoutException && !requestSendStarted
    }

    // Look for known client-side or negotiation errors that are unlikely to be fixed by trying
    // again with a different route.
    if (e is SSLHandshakeException) {
      // If the problem was a CertificateException from the X509TrustManager,
      // do not retry.

_2025-10-07_

 *  New: Support [HTTP 101] responses with `Response.socket`. This mechanism is only supported on
    HTTP/1.1. We also reimplemented our websocket client to use this new mechanism.

 *  New: The `okhttp-zstd` module negotiates [Zstandard (zstd)][zstd] compression with servers that
    support it. It integrates a new (unstable) [ZSTD-KMP] library, also from Square. Enable it like
    this:

    ```kotlin
    val client = OkHttpClient.Builder()

		mfs, err := gatherers.Gather()
		if err != nil {
			if len(mfs) == 0 {
				writeErrorResponseJSON(r.Context(), w, toAdminAPIErr(r.Context(), err), r.URL)
				return
			}
		}

		contentType := expfmt.Negotiate(r.Header)
		w.Header().Set("Content-Type", string(contentType))

		enc := expfmt.NewEncoder(w, contentType)
		for _, mf := range mfs {
			if err := enc.Encode(mf); err != nil {