if (openJSSE != null) {
          return openJSSE
        }
      }

      // An Oracle JDK 9 like OpenJDK, or JDK 8 251+.
      val jdk9 = Jdk9Platform.buildIfSupported()

      if (jdk9 != null) {
        return jdk9
      }

      // An Oracle JDK 8 like OpenJDK, pre 251.
      val jdkWithJettyBoot = Jdk8WithJettyBootPlatform.buildIfSupported()

      call.execute()
    }.also { expected ->
      when (expected) {
        is SSLHandshakeException -> {
          // JDK 11+
        }
        is SSLException -> {
          // javax.net.ssl.SSLException: readRecord
        }
        is SocketException -> {
          // Conscrypt, JDK 8 (>= 292), JDK 9
        }
        else -> {
          assertThat(expected.message).isEqualTo("exhausted all routes")
        }

 * Example of using a hardware key to perform client auth.
 * Prefer recent JDK builds, and results are temperamental to slight environment changes.
 * Different instructions and configuration may be required for other hardware devices.
 *
 * Using a yubikey device as a SSL key store.
 * https://lauri.võsandi.com/2017/03/yubikey-for-ssh-auth.html
 *
 * Using PKCS11 support in the JDK.
 * https://tersesystems.com/blog/2018/09/08/keymanagers-and-keystores/

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Configure JDK
        uses: actions/setup-java@v4
        with:
          distribution: 'zulu'
          java-version: 17

      - uses: actions/setup-python@v5
        with:
          python-version: 3.x

  @BeforeEach
  fun setUp(server: MockWebServer) {
    this.server = server

    // Default after JDK 14, but we are avoiding tests that assume special setup.
    // System.setProperty("jdk.tls.client.enableSessionTicketExtension", "true")
    // System.setProperty("jdk.tls.server.enableSessionTicketExtension", "true")

    // IllegalStateException: Cannot resume session and session creation is disabled

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Configure JDK
        uses: actions/setup-java@v4
        with:
          distribution: 'zulu'
          java-version: 17

      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@v3

      try {
        // 1.8, 9, 10, 11, 12 etc
        val version = jvmVersion.toInt()
        if (version >= 9) return null
      } catch (_: NumberFormatException) {
        // expected on >= JDK 9
      }

      // Find Jetty's ALPN extension for OpenJDK.
      try {
        val alpnClassName = "org.eclipse.jetty.alpn.ALPN"
        val alpnClass = Class.forName(alpnClassName, true, null)

          // RI response to the FAIL_HANDSHAKE
        }
        is SSLHandshakeException -> {
          // Android's response to the FAIL_HANDSHAKE
        }
        is SSLException -> {
          // JDK 1.9 response to the FAIL_HANDSHAKE
          // javax.net.ssl.SSLException: Unexpected handshake message: client_hello
        }
        is SocketException -> {
          // Conscrypt's response to the FAIL_HANDSHAKE

| Android default  | ✅      | Android 10+  | [BoringSSL]     |                                                              |
| [GraalVM]        | ✅      |              | [OpenJDK]       | Only actively tested with JDK 11, not with 8 target          |
| [Bouncy Castle]  | ✅      |              | [Bouncy Castle] | [Tracking bug.][bug5698]                                     |

          handler.formatter = OneLineLogFormat()
          val activeLogger = getLogger("")
          activeLogger.addHandler(handler)
          activeLogger.level = Level.ALL

          getLogger("jdk.event.security").level = Level.INFO
          getLogger("org.conscrypt").level = Level.INFO
        } else {
          if (showHttp2Frames) {
            val activeLogger = getLogger(Http2::class.java.name)