return try {
      // Attempt to get the trust manager from an OpenJDK socket factory. We attempt this on all
      // platforms in order to support Robolectric, which mixes classes from both Android and the
      // Oracle JDK. Note that we don't support HTTP/2 or other nice features on Robolectric.
      val sslContextClass = Class.forName("sun.security.ssl.SSLContextImpl")

      emptyList()
    }
  }

  /**
   * Convert a request header to OkHttp's cookies via [HttpCookie]. That extra step handles
   * multiple cookies in a single request header, which [Cookie.parse] doesn't support.
   */
  private fun decodeHeaderAsJavaNetCookies(
    url: HttpUrl,
    header: String,
  ): List<Cookie> {
    val result = mutableListOf<Cookie>()
    var pos = 0
    val limit = header.length

   * favor of supporting what's actually used in practice. That means if these assertions ever fail,
   * the implementation will need to be revisited to support a more flexible rule.
   */
  private fun assertWildcardRule(rule: String) {
    check(rule.startsWith(WILDCARD_CHAR)) {
      """Wildcard Assertion Failure: '$rule'

  val ca: Boolean,
  /** The maximum number of intermediate CAs between this and leaf certificates. */
  val maxIntermediateCas: Long?,
)

/** A private key. Note that this class doesn't support attributes or an embedded public key. */
internal data class PrivateKeyInfo(
  // v1(0), v2(1).
  val version: Long,
  val algorithmIdentifier: AlgorithmIdentifier,
  val privateKey: ByteString,
) {

    Typically this would cause certain redirects to fail in debug and development configurations.


## Version 4.4.0

_2020-02-17_

 *  New: Support `canceled()` as an event that can be observed by `EventListener`. This should be
    useful for splitting out canceled calls in metrics.

    server.enqueue(builder.build())
    server.enqueue(builder.build())
    val inputStream = getResponse(newRequest("/")).body.byteStream()
    assertThat(inputStream.markSupported(), "This implementation claims to support mark().")
      .isFalse()
    inputStream.mark(5)
    assertThat(readAscii(inputStream, 5)).isEqualTo("ABCDE")
    assertFailsWith<IOException> {
      inputStream.reset()
    }

import okio.Timeout

/**
 * Bridge between OkHttp's application and network layers. This class exposes high-level application
 * layer primitives: connections, requests, responses, and streams.
 *
 * This class supports [asynchronous canceling][cancel]. This is intended to have the smallest
 * blast radius possible. If an HTTP/2 stream is active, canceling will cancel that stream but not

| [Corretto]       | ✅      | ✅           | [OpenSSL]       | Amazon's high-performance provider. [Tracking bug.][bug5592] |

All providers support HTTP/1.1 and TLSv1.2.


[BoringSSL]: https://boringssl.googlesource.com/boringssl/
[Bouncy Castle]: https://www.bouncycastle.org/java.html
[Conscrypt]: https://www.conscrypt.org/

 * **REMOVED:** ~~TLS_AES_128_CCM_8_SHA256[¹][tlsv13_only]~~

[OkHttp 3.13][OkHttp313]
------------------------

_2019-02-04_

Remove TLSv1.1 and TLSv1 from MODERN_TLS. Change COMPATIBLE_TLS to support all TLS versions.

##### RESTRICTED_TLS versions

* TLSv1.3
* TLSv1.2

##### MODERN_TLS versions

* TLSv1.3
* TLSv1.2
* **REMOVED:** ~~TLSv1.1~~
* **REMOVED:** ~~TLSv1~~

    .build();
```

The TLS versions and cipher suites in each spec can change with each release. For example, in OkHttp 2.2 we dropped support for SSL 3.0 in response to the [POODLE](https://googleonlinesecurity.blogspot.ca/2014/10/this-poodle-bites-exploiting-ssl-30.html) attack. And in OkHttp 2.3 we dropped support for [RC4](https://en.wikipedia.org/wiki/RC4#Security). As with your desktop web browser, staying up-to-date with OkHttp is the best way to stay secure.