* client. Applications may use this class to monitor HTTP connections as members of a
 * [connection pool][ConnectionPool].
 *
 * Do not confuse this class with the misnamed `HttpURLConnection`, which isn't so much a connection
 * as a single request/response exchange.
 *
 * ## Modern TLS
 *
 * There are trade-offs when selecting which options to include when negotiating a secure connection

  }

  /**
   * A trust manager for Android applications that customize the trust manager.
   *
   * This class exploits knowledge of Android implementation details. This class is potentially
   * much faster to initialize than [BasicTrustRootIndex] because it doesn't need to load and
   * index trusted CA certificates.
   */
  internal data class CustomTrustRootIndex(
    private val trustManager: X509TrustManager,

    when {
      PlatformVersion.majorVersion > 11 ->
        assertThat(s.enabledProtocols.toList()).containsExactly(
          "TLSv1.3",
          "TLSv1.2",
        )
      // Not much we can guarantee on JDK 11.
      PlatformVersion.majorVersion == 11 ->
        assertThat(s.enabledProtocols.toList()).contains(
          "TLSv1.2",
        )
      // JDK 8 291 removed older versions

(double-press shift) or under the _Analyze_ menu.

We’ve included deprecated APIs in OkHttp 4.0 because they make migration easy. We will remove them
in a future release! If you’re skipping releases, it’ll be much easier if you upgrade to OkHttp 4.0
as an intermediate step.

#### Vars and Vals

Java doesn’t have language support for properties so developers make do with getters and setters.

   * ```
   *
   * But this chain is wrong because the attackerSwitch certificate is being used in a CA role even
   * though it is not a CA certificate. There are pinned certificates in the chain! The correct
   * chain is much shorter because it skips the non-CA certificate.
   *
   * ```
   *   attackerCa
   *     -> attackerIntermediate
   *         -> phonyVictim
   * ```
   *

   * be received. The default implementation returns an empty response. Mischievous implementations
   * can return other values to test HTTP edge cases, such as unhappy socket policies or throttled
   * request bodies.
   */
  open fun peek(): MockResponse {
    return MockResponse(socketPolicy = KeepOpen)
  }

  /**

   * detail is invisible to the caller, but subtle use of certain APIs may depend on these internal
   * structures.
   *
   * We make such subtle calls in [okhttp3.internal.ws.MessageInflater] because we try to read a
   * compressed stream that is terminated in a web socket frame even though the DEFLATE stream is
   * not terminated.
   *

       by the test: okhttp/src/test/java/okhttp3/osgi/OsgiTest.java

       - The compressed index.xml file contains a timestamp property which
       changes with every test execution, such that running the test
       actually changes the test classpath itself. This means that it
       can"t benefit from incremental build acceleration, because on every

   * upgrade.
   *
   * If the response body is closed before the response body is exhausted, this is invoked at the
   * time it is closed. In such calls [byteCount] is the number of bytes returned to the
   * application. This may be smaller than the resource's byte count if were read to completion.
   *
   * This method is always invoked after [responseBodyStart].
   */

Pinning ([.kt][CertificatePinningKotlin], [.java][CertificatePinningJava])

By default, OkHttp trusts the certificate authorities of the host platform. This strategy maximizes connectivity, but it is subject to certificate authority attacks such as the [2011 DigiNotar attack](https://www.computerworld.com/article/2510951/cybercrime-hacking/hackers-spied-on-300-000-iranians-using-fake-google-certificate.html). It also assumes your HTTPS servers’ certificates are signed by a certificate authority....