type rfc1423Algo struct {
	cipher     PEMCipher
	name       string
	cipherFunc func(key []byte) (cipher.Block, error)
	keySize    int
	blockSize  int
}

// rfc1423Algos holds a slice of the possible ways to encrypt a PEM
// block. The ivSize numbers were taken from the OpenSSL source.
var rfc1423Algos = []rfc1423Algo{{
	cipher:     PEMCipherDES,
	name:       "DES-CBC",
	cipherFunc: des.NewCipher,

type aesctr struct {
	block   *aesCipherAsm          // block cipher
	ctr     [2]uint64              // next value of the counter (big endian)
	buffer  []byte                 // buffer for the encrypted counter values
	storage [streamBufferSize]byte // array backing buffer slice
}

// NewCTR returns a Stream which encrypts/decrypts using the AES block
// cipher in counter mode. The length of iv must be the same as [BlockSize].

with certificates and the privacy of data exchanged with strong ciphers.

When negotiating a connection to an HTTPS server, OkHttp needs to know which [TLS versions](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-tls-version/) and [cipher suites](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-cipher-suite/) to offer. A client that wants to maximize connectivity would include obsolete TLS versions and weak-by-design cipher suites. A strict client that wants to maximize security would...

	MOVD $ret+0(FP), R1 // address of 16-byte return value
	WORD $0xB92E0024    // cipher message (KM)
	RET

// func kmcQuery() queryResult
TEXT ·kmcQuery(SB), NOSPLIT|NOFRAME, $0-16
	MOVD $0, R0         // set function code to 0 (KMC-Query)
	MOVD $ret+0(FP), R1 // address of 16-byte return value
	WORD $0xB92F0024    // cipher message with chaining (KMC)
	RET

// func kmctrQuery() queryResult

	MOVD $ret+0(FP), R1 // address of 16-byte return value
	KM   R2, R4         // cipher message (KM)
	RET

// func kmcQuery() queryResult
TEXT ·kmcQuery(SB), NOSPLIT|NOFRAME, $0-16
	MOVD $0, R0         // set function code to 0 (KMC-Query)
	MOVD $ret+0(FP), R1 // address of 16-byte return value
	KMC  R2, R4         // cipher message with chaining (KMC)
	RET

// func kmctrQuery() queryResult

    assertThat(forJavaName(java.lang.String(cs.javaName) as String))
      .isSameAs(cs)
  }

  @Test
  fun equals() {
    assertThat(forJavaName("cipher")).isEqualTo(forJavaName("cipher"))
    assertThat(forJavaName("cipherB")).isNotEqualTo(forJavaName("cipherA"))
    assertThat(CipherSuite.TLS_RSA_EXPORT_WITH_RC4_40_MD5)
      .isEqualTo(forJavaName("SSL_RSA_EXPORT_WITH_RC4_40_MD5"))

		compressionMethods: []uint8{compressionNone},
	}
	serverConfig := testConfig.Clone()
	// Reset the enabled cipher suites to nil in order to test the
	// defaults.
	serverConfig.CipherSuites = nil
	testClientHelloFailure(t, serverConfig, clientHello, "no cipher suite supported by both client and server")
}

func TestRejectSNIWithTrailingDot(t *testing.T) {

 * here. Cipher suites that are not available on either Android (through API level 24) or Java
 * (through JDK 9) are omitted for brevity.
 *
 * See [Android SSLEngine][sslengine] which lists the cipher suites supported by Android.
 *
 * See [JDK Providers][oracle_providers] which lists the cipher suites supported by Oracle.
 *
 * See [NativeCrypto.java][conscrypt_providers] which lists the cipher suites supported by
 * Conscrypt.

const Enabled = enabled

// DARECiphers returns a list of supported cipher suites
// for the DARE object encryption.
func DARECiphers() []byte {
	if Enabled {
		return []byte{sio.AES_256_GCM}
	}
	return []byte{sio.AES_256_GCM, sio.CHACHA20_POLY1305}
}

// TLSCiphers returns a list of supported TLS transport
// cipher suite IDs.
//
// The list contains only ciphers that use AES-GCM or

//go:noescape
func expandKeyAsm(nr int, key *byte, enc *uint32, dec *uint32)

type aesCipherAsm struct {
	aesCipher
}

// aesCipherGCM implements crypto/cipher.gcmAble so that crypto/cipher.NewGCM
// will use the optimised implementation in aes_gcm.go when possible.
// Instances of this type only exist when hasGCMAsm returns true. Likewise,
// the gcmAble implementation is in aes_gcm.go.