new SecureRandom().nextBytes(testDecryptionKey);

        // Create encryption context with required parameters
        encryptionContext = new Smb2EncryptionContext(1, DialectVersion.SMB311, testEncryptionKey, testDecryptionKey);
    }

    @Test
    @DisplayName("Should create encryption context with valid parameters")
    void testConstructor() {
        // When

    /**
     * AES-128-CCM cipher identifier for SMB3 encryption
     */
    public static final int CIPHER_AES_128_CCM = EncryptionNegotiateContext.CIPHER_AES128_CCM;
    /**
     * AES-128-GCM cipher identifier for SMB3.1.1 encryption
     */
    public static final int CIPHER_AES_128_GCM = EncryptionNegotiateContext.CIPHER_AES128_GCM;
    /**
     * AES-256-CCM cipher identifier for SMB3 encryption (future support)
     */

                    // Server requires encryption - create encryption context
                    try {
                        if (log.isDebugEnabled()) {
                            log.debug("Server requires encryption, creating encryption context");
                        }
                        SmbTransportImpl transport = getTransport();

package jcifs.internal.smb2.nego;

import jcifs.Configuration;
import jcifs.internal.SMBProtocolDecodingException;
import jcifs.internal.util.SMBUtil;

/**
 * SMB2 Encryption Negotiate Context.
 *
 * This negotiate context is used in SMB 3.x to negotiate
 * encryption capabilities and cipher suites.
 *
 * @author mbechler
 */
public class EncryptionNegotiateContext implements NegotiateContextRequest, NegotiateContextResponse {

    }

    /**
     * Test that encryption is properly configured
     */
    @Test
    public void testEncryptionConfiguration() throws CIFSException {
        BaseConfiguration config = new BaseConfiguration(true);

        // Verify encryption configuration is available (default is false for compatibility)
        // But can be enabled when needed

* Certificates have a **lifetime**.
    * They **expire**.
    * And then they need to be **renewed**, **acquired again** from the third party.
* The encryption of the connection happens at the **TCP level**.
    * That's one layer **below HTTP**.
    * So, the **certificate and encryption** handling is done **before HTTP**.
* **TCP doesn't know about "domains"**. Only about IP addresses.

    }

    /**
     * Test encryption context performance without synchronization bottlenecks
     */
    @Test
    public void testEncryptionContextPerformance() throws Exception {
        // Create mock encryption context for testing (simplified)
        // Note: This tests the atomic operations without actual encryption

        int threadCount = 8;
        int operationsPerThread = 500;

    /**
     * @return the selectedDialect
     */
    @Override
    public DialectVersion getSelectedDialect() {
        return this.selectedDialect;
    }

    /**
     * Gets the encryption cipher selected for SMB3 encryption.
     *
     * @return the selectedCipher
     */
    public int getSelectedCipher() {
        return this.selectedCipher;
    }

    /**

     * negotiation, SMB encryption is not implemented yet.
     *
     * @return whether SMB encryption is enabled
     * @since 2.1
     */
    boolean isEncryptionEnabled();

    /**
     * Property {@code jcifs.smb.client.preferredCiphers} (string, default "AES_128_GCM,AES_128_CCM,AES_256_GCM,AES_256_CCM")
     *
     * @return preferred encryption cipher list in order of preference for SMB3 encryption

    /** Whether SMB3 encryption is enabled */
    protected boolean encryptionEnabled = false;
    /** Whether SMB3 compression is enabled */
    protected boolean compressionEnabled = false;
    /** Preferred encryption ciphers in order of preference */
    protected String preferredCiphers = "AES_128_GCM,AES_128_CCM,AES_256_GCM,AES_256_CCM";
    /** Whether AES-256 encryption is enabled */