.containsExactly(TlsVersion.TLS_1_2)
    assertThat(tlsSpec.supportsTlsExtensions).isTrue()
  }

  @Test
  fun tls_defaultCiphers_noFallbackIndicator() {
    platform.assumeNotConscrypt()
    platform.assumeNotBouncyCastle()
    val tlsSpec =
      ConnectionSpec.Builder(true)
        .tlsVersions(TlsVersion.TLS_1_2)
        .supportsTlsExtensions(false)
        .build()

  }

  @Test
  fun testDefaultHandshakeCipherSuiteOrderingTls12Restricted() {
    // We are avoiding making guarantees on ordering of secondary Platforms.
    platform.assumeNotConscrypt()
    platform.assumeNotBouncyCastle()

    val client = makeClient(ConnectionSpec.RESTRICTED_TLS, TlsVersion.TLS_1_2)

    val handshake = makeRequest(client)

  private lateinit var server: MockWebServer

  @BeforeEach
  fun setup(server: MockWebServer) {
    this.server = server

    // BCX509ExtendedTrustManager not supported in TlsUtil.newTrustManager
    platform.assumeNotBouncyCastle()
  }

  @Test fun `untrusted host in insecureHosts connects successfully`() {
    val serverCertificates = platform.localhostHandshakeCertificates()
    server.useHttps(serverCertificates.sslSocketFactory())

   */
  @Test fun verifyNonAsciiSubjectAlt() {
    // Expecting actual:
    //  ["bar.com", "花子.co.jp"]
    // to contain exactly (and in same order):
    //  ["bar.com", "������.co.jp"]
    platform.assumeNotBouncyCastle()

    // CN=foo.com, subjectAlt=bar.com, subjectAlt=花子.co.jp
    // (hanako.co.jp in kanji)
    val session =
      session(
        """
        -----BEGIN CERTIFICATE-----

  private lateinit var server: MockWebServer

  @BeforeEach
  fun setUp(server: MockWebServer) {
    this.server = server

    // Test designed for Conscrypt and JSSE
    platform.assumeNotBouncyCastle()
  }

  @ParameterizedTest
  @MethodSource("connectionTypes")
  fun testConnection(socketMode: SocketMode) {
    // https://github.com/square/okhttp/pull/6554
    assumeFalse(

  }

  @AfterEach fun tearDown() {
    executorService.shutdown()
    serverSocket?.closeQuietly()
  }

  @Test fun clientAndServer() {
    platform.assumeNotConscrypt()
    platform.assumeNotBouncyCastle()

    val clientRoot =
      HeldCertificate.Builder()
        .certificateAuthority(1)
        .build()
    val clientIntermediate =
      HeldCertificate.Builder()
        .certificateAuthority(0)

    // System.setProperty("jdk.tls.server.enableSessionTicketExtension", "true")

    // IllegalStateException: Cannot resume session and session creation is disabled
    platform.assumeNotBouncyCastle()
  }

  @ParameterizedTest(name = "{displayName}({arguments})")
  @ValueSource(strings = ["TLSv1.2", "TLSv1.3"])
  @Flaky
  fun testSessionReuse(tlsVersion: String) {

      .fastFallback(fastFallback)
      .build()

  @BeforeEach
  fun setUp(server: MockWebServer?) {
    this.server = server
    platform.assumeNotOpenJSSE()
    platform.assumeNotBouncyCastle()
    listener.forbidLock(get(client.connectionPool))
    listener.forbidLock(client.dispatcher)
  }

  @ParameterizedTest
  @ValueSource(booleans = [true, false])
  fun successfulCallEventSequence() {

    enableProtocol(Protocol.HTTP_2)
    noRecoverWhenRetryOnConnectionFailureIsFalse()
  }

  @Test
  fun tlsHandshakeFailure_noFallbackByDefault() {
    platform.assumeNotBouncyCastle()

    server.useHttps(handshakeCertificates.sslSocketFactory())
    server.enqueue(MockResponse(socketPolicy = FailHandshake))
    server.enqueue(MockResponse(body = "response that will never be received"))

  private lateinit var clientCert: HeldCertificate

  @BeforeEach
  fun setUp(server: MockWebServer) {
    this.server = server
    platform.assumeNotOpenJSSE()
    platform.assumeNotBouncyCastle()
    serverRootCa =
      HeldCertificate.Builder()
        .serialNumber(1L)
        .certificateAuthority(1)
        .commonName("root")
        .addSubjectAlternativeName("root_ca.com")
        .build()