Applications that want to use the global SSL context with OkHttp should configure their
OkHttpClient instances with the following:

```java
okHttpClient.setSslSocketFactory(HttpsURLConnection.getDefaultSSLSocketFactory());
```

A simpler solution is to avoid the shared default SSL socket factory. Instead, if you
need to customize SSL, do so for your specific OkHttpClient instance only.

##### Synthetic headers have changed

![Events Diagram](../assets/images/******@****.***)

Here’s a [sample event listener](https://github.com/square/okhttp/blob/master/samples/guide/src/main/java/okhttp3/recipes/PrintEventsNonConcurrent.java) that prints each event with a timestamp.

```java
class PrintingEventListener extends EventListener {

import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;

/**
 * Simple test adaptable to show a failure in older versions of OkHttp
 * or Android SDKs.
 */
@RunWith(AndroidJUnit4.class)
public class IssueReproductionTest {
  @Test public void getFailsWithoutAdditionalCert() throws IOException {

import javax.net.ssl.SSLSocket
import okhttp3.Protocol
import okhttp3.internal.platform.BouncyCastlePlatform
import okhttp3.internal.platform.Platform
import org.bouncycastle.jsse.BCSSLSocket

/**
 * Simple non-reflection SocketAdapter for BouncyCastle.
 */
class BouncyCastleSocketAdapter : SocketAdapter {
  override fun matchesSocket(sslSocket: SSLSocket): Boolean = sslSocket is BCSSLSocket

/**
 * Simplified from
 * https://hc.apache.org/httpcomponents-client-5.0.x/httpclient5/examples/AsyncClientTlsAlpn.java
 *
 * Mainly intended to verify behaviour of popular clients across Android versions, similar
 * to observing Firefox or Chrome browser behaviour.
 */
class ApacheHttpClientHttp2Test {
  @Test
  fun testHttp2() {
    val client = HttpAsyncClients.createHttp2Default()

    client.use { client ->

package okhttp3.sample;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import okhttp3.mockwebserver.Dispatcher;

 [CVE-2021-0341]: https://nvd.nist.gov/vuln/detail/CVE-2021-0341
 [CVE-2022-24329]: https://nvd.nist.gov/vuln/detail/CVE-2022-24329
 [dev_server]: https://github.com/square/okhttp/blob/482f88300f78c3419b04379fc26c3683c10d6a9d/samples/guide/src/main/java/okhttp3/recipes/kt/DevServer.kt
 [fun_interface]: https://kotlinlang.org/docs/reference/fun-interfaces.html
 [iana_websocket]: https://www.iana.org/assignments/websocket/websocket.txt

    address[b++] = (value.ushr(8) and 0xff).toByte()
    address[b++] = (value and 0xff).toByte()
  }

  // All done. If compression happened, we need to move bytes to the right place in the
  // address. Here's a sample:
  //
  //      input: "1111:2222:3333::7777:8888"
  //     before: { 11, 11, 22, 22, 33, 33, 00, 00, 77, 77, 88, 88, 00, 00, 00, 00  }
  //   compress: 6
  //          b: 10

    val multipart =
      """
      |--simple boundary
      |
      |abcd
      |--simple boundary--
      """.trimMargin()
        .replace(Regex("(?m)simple boundary$"), "simple boundary \t \t")
        .replace("\n", "\r\n")

    val parts =
      MultipartReader(
        boundary = "simple boundary",
        source = Buffer().writeUtf8(multipart),
      )

 * interfere with session-based authentication schemes that require cookies.
 *
 * As persistence, implementations of this interface must also provide storage of cookies. Simple
 * implementations may store cookies in memory; sophisticated ones may use the file system or
 * database to hold accepted cookies. The [cookie storage model][rfc_6265_53] specifies policies for
 * updating and expiring cookies.