val chrome80 = sslLabsClients.first { it.userAgent == "Chrome" && it.version == "80" }
  val firefox34 = sslLabsClients.first { it.userAgent == "Firefox" && it.version == "34" }
  val firefox53 = sslLabsClients.first { it.userAgent == "Firefox" && it.version == "53" }
  val firefox73 = sslLabsClients.first { it.userAgent == "Firefox" && it.version == "73" }
  val java7 = sslLabsClients.first { it.userAgent == "Java" && it.version == "7u25" }

[OkHttp 3.14][OkHttp314]
------------------------

_2019-03-14_

Remove 2 TLSv1.3 cipher suites that are neither available on OkHttp’s host platforms nor enabled in releases of Chrome and Firefox.

##### RESTRICTED_TLS cipher suites

 * TLS_AES_128_GCM_SHA256[¹][tlsv13_only]
 * TLS_AES_256_GCM_SHA384[¹][tlsv13_only]
 * TLS_CHACHA20_POLY1305_SHA256[¹][tlsv13_only]
 * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

        return if (delta > 0L) delta else 0L
      }

      if (lastModified != null && cacheResponse.request.url.query == null) {
        // As recommended by the HTTP RFC and implemented in Firefox, the max age of a document
        // should be defaulted to 10% of the document's age at the time it was served. Default
        // expiration dates aren't used for URIs containing a query.

 * Simplified from
 * https://hc.apache.org/httpcomponents-client-5.0.x/httpclient5/examples/AsyncClientTlsAlpn.java
 *
 * Mainly intended to verify behaviour of popular clients across Android versions, similar
 * to observing Firefox or Chrome browser behaviour.
 */
class ApacheHttpClientHttp2Test {
  @Test
  fun testHttp2() {
    val client = HttpAsyncClients.createHttp2Default()

    client.use { client ->
      client.start()

      .isEqualTo(lastModifiedDate)
  }

  @Test
  fun maxAgeInThePastWithDateHeaderButNoLastModifiedHeader() {
    // Chrome interprets max-age relative to the local clock. Both our cache
    // and Firefox both use the earlier of the local and server's clock.
    assertNotCached(
      MockResponse.Builder()
        .addHeader("Date: " + formatDate(-120, TimeUnit.SECONDS))
        .addHeader("Cache-Control: max-age=60")

- OkHttp targets the intersection of RFC correct *and* widely implemented.  Incorrect implementations that are very widely implemented e.g. a bug in Apache, Nginx, Google, Firefox should also be handled.

Before your code can be accepted into the project you must also sign the
[Individual Contributor License Agreement (CLA)][1].

      "Invalid URL host: \"[0.0.0.0:0:0:0:0:0:1]\"",
    )
  }

  @Test
  fun hostIpv6WithIncompleteIpv4Suffix() {
    // To Chrome & Safari these are well-formed; Firefox disagrees. (We're consistent with Firefox).
    assertInvalid(
      "http://[0:0:0:0:0:1:255.255.255.]/",
      "Invalid URL host: \"[0:0:0:0:0:1:255.255.255.]\"",
    )
    assertInvalid(
      "http://[0:0:0:0:0:1:255.255.255]/",

Caching
=======

OkHttp implements an optional, off by default, Cache. OkHttp aims for RFC correct and
pragmatic caching behaviour, following common real-world browser like Firefox/Chrome and 
server behaviour when ambiguous.

# Basic Usage

```kotlin
  private val client: OkHttpClient = OkHttpClient.Builder()
      .cache(Cache(
          directory = File(application.cacheDir, "http_cache"),
          // $0.05 worth of phone storage in 2020

 * called certificate authorities (CAs).
 *
 * Browsers and other HTTP clients need a set of trusted root certificates to authenticate their
 * peers. Sets of root certificates are managed by either the HTTP client (like Firefox), or the
 * host platform (like Android). In July 2018 Android had 134 trusted root certificates for its HTTP
 * clients to trust.
 *
 * For example, in order to establish a secure connection to `https://www.squareup.com/`,

      return Integer.valueOf(header)
    }
    return Integer.MAX_VALUE
  }

  companion object {
    /**
     * How many redirects and auth challenges should we attempt? Chrome follows 21 redirects; Firefox,
     * curl, and wget follow 20; Safari follows 16; and HTTP/1.0 recommends 5.
     */
    private const val MAX_FOLLOW_UPS = 20
  }