}
        }
        return cipher;
    }

    protected Cipher pollEncryptoCipher(final Key key) {
        Cipher cipher = encryptoQueue.poll();
        if (cipher == null) {
            try {
                cipher = Cipher.getInstance(transformation);
                cipher.init(Cipher.ENCRYPT_MODE, key);
            } catch (final InvalidKeyException e) {

        };
        roleQueryHelperImpl.cipher = cipher;

        Set<String> roleSet;
        boolean encrypted;
        String value;

        encrypted = true;
        value = cipher.encryptoText("");
        roleSet = decodedRoleList(roleQueryHelperImpl, value, encrypted);
        assertEquals(0, roleSet.size());

        encrypted = true;
        value = cipher.encryptoText("role1");

---

<a name="tlsv13_only"></a>
#### ¹ TLSv1.3 Only

Cipher suites that are only available with TLSv1.3.

<a name="http2_naughty"></a>
#### ² HTTP/2 Cipher Suite Denylist

Cipher suites that are [discouraged for use][http2_denylist] with HTTP/2. OkHttp includes them because better suites are not commonly available. For example, none of the better cipher suites listed above shipped with Android 4.4 or Java 7.

        return new HMACT64(key);
    }


    /**
     * 
     * @param key
     * @return RC4 cipher
     */
    public static Cipher getArcfour ( byte[] key ) {
        try {
            Cipher c = Cipher.getInstance("RC4");
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "RC4"));
            return c;
        }
        catch (
            NoSuchAlgorithmException |

        byte[] keybytes = key.getEncoded();
        Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(keybytes, "AES"), new IvParameterSpec(ZERO_IV, 0, ZERO_IV.length));
        if ( constant.length != cipher.getBlockSize() ) {
            constant = expandNFold(constant, cipher.getBlockSize());
        }
        byte[] enc = constant;

        SecretKeySpec dataKey = new SecretKeySpec(dataHmac, KerberosConstants.RC4_ALGORITHM);

        cipher = Cipher.getInstance(KerberosConstants.RC4_ALGORITHM);
        cipher.init(Cipher.DECRYPT_MODE, dataKey);

        int plainDataLength = data.length - KerberosConstants.CHECKSUM_SIZE;
        byte[] plainData = cipher.doFinal(data, KerberosConstants.CHECKSUM_SIZE, plainDataLength);

   * order for a socket to be compatible the enabled cipher suites and protocols must intersect.
   *
   * For cipher suites, at least one of the [required cipher suites][cipherSuites] must match the
   * socket's enabled cipher suites. If there are no required cipher suites the socket must have at
   * least one cipher suite enabled.
   *

        final PrimaryCipher cipher = ComponentUtil.getPrimaryCipher();
        ParameterUtil.parse(value).entrySet().stream().map(e -> {
            final String k = e.getKey();
            final String v = e.getValue();
            if (properyPattern.matcher(k).matches() && !v.startsWith(CIPHER_PREFIX)) {
                return new Pair<>(k, CIPHER_PREFIX + cipher.encrypt(v));
            }

const Enabled = enabled

// DARECiphers returns a list of supported cipher suites
// for the DARE object encryption.
func DARECiphers() []byte {
	if Enabled {
		return []byte{sio.AES_256_GCM}
	}
	return []byte{sio.AES_256_GCM, sio.CHACHA20_POLY1305}
}

// TLSCiphers returns a list of supported TLS transport
// cipher suite IDs.
//
// The list contains only ciphers that use AES-GCM or

with certificates and the privacy of data exchanged with strong ciphers.

When negotiating a connection to an HTTPS server, OkHttp needs to know which [TLS versions](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-tls-version/) and [cipher suites](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-cipher-suite/) to offer. A client that wants to maximize connectivity would include obsolete TLS versions and weak-by-design cipher suites. A strict client that wants to maximize security would...