private int[] ciphers;

    /**
     * Constructs an encryption negotiate context.
     *
     * @param config the configuration (currently unused)
     * @param ciphers array of encryption cipher IDs to negotiate
     */
    public EncryptionNegotiateContext(final Configuration config, final int ciphers[]) {
        this.ciphers = ciphers;
    }

    /**

        void testConstructorWithConfigAndCiphers() {
            int[] ciphers = { EncryptionNegotiateContext.CIPHER_AES128_CCM, EncryptionNegotiateContext.CIPHER_AES128_GCM };

            EncryptionNegotiateContext context = new EncryptionNegotiateContext(mockConfig, ciphers);

            assertNotNull(context);
            assertArrayEquals(ciphers, context.getCiphers());
        }

        void testConstructorWithParameters() {
            int[] ciphers = { EncryptionNegotiateContext.CIPHER_AES128_CCM, EncryptionNegotiateContext.CIPHER_AES128_GCM };

            context = new EncryptionNegotiateContext(mockConfig, ciphers);

            assertEquals(EncryptionNegotiateContext.NEGO_CTX_ENC_TYPE, context.getContextType());
            assertArrayEquals(ciphers, context.getCiphers());
        }

        @Test

            if (config.isEncryptionEnabled()) {
                // Build cipher list based on AES-256 support
                List<Integer> ciphers = new ArrayList<>();

                // Prefer GCM over CCM for better performance
                if (config.isAES256Enabled()) {
                    ciphers.add(EncryptionNegotiateContext.CIPHER_AES256_GCM);
                    ciphers.add(EncryptionNegotiateContext.CIPHER_AES256_CCM);
                }

            // Assert
            // Note: size() returns 4 + (2*ciphers.length) but encode only writes 2 + (2*ciphers.length)
            // This appears to be a bug in the implementation, but we test the actual behavior
            assertEquals(6, encodedSize); // actual encoded size: 2 bytes count + 2*2 bytes for ciphers
            assertEquals(2, buffer[0]); // cipher count (little endian)
            assertEquals(0, buffer[1]);

  private val handshakeCertificates = platform.localhostHandshakeCertificates()

  /** Ciphers in order we observed directly on the socket. */
  private lateinit var handshakeEnabledCipherSuites: List<String>

  /** Ciphers in order we observed on sslSocketFactory defaults. */
  private lateinit var defaultEnabledCipherSuites: List<String>

  /** Ciphers in order we observed on sslSocketFactory supported. */

            final Cipher cipher = Cipher.getInstance(transformation);
            final GCMParameterSpec gcmSpec = new GCMParameterSpec(getAuthTagLength() * 8, nonce);

            cipher.init(encrypt ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, keySpec, gcmSpec);
            return cipher;
        } finally {
            // Guaranteed cleanup of all key material
            if (key != null) {

     * @return a decryption cipher
     */
    protected Cipher pollDecryptoCipher() {
        Cipher cipher = decryptoQueue.poll();
        if (cipher == null) {
            final SecretKeySpec sksSpec = new SecretKeySpec(key.getBytes(), algorithm);
            try {
                cipher = Cipher.getInstance(algorithm);
                cipher.init(Cipher.DECRYPT_MODE, sksSpec);
            } catch (final InvalidKeyException e) {

  val survey = CipherSuiteSurvey(clients = clients, ianaSuites = ianaSuitesNew, orderBy = orderBy)

  survey.printGoogleSheet()
}

fun rest(clients: List<Client>): List<SuiteId> {
  // combine all ciphers to get these near the top
  return clients.flatMap { it.enabled }

with certificates and the privacy of data exchanged with strong ciphers.

When negotiating a connection to an HTTPS server, OkHttp needs to know which [TLS versions](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-tls-version/) and [cipher suites](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-cipher-suite/) to offer. A client that wants to maximize connectivity would include obsolete TLS versions and weak-by-design cipher suites. A strict client that wants to maximize security would...