return l, nil
	}

	// Set ServerName in TLS config for proper certificate validation
	host, _, err := net.SplitHostPort(ldapServer)
	if err != nil {
		host = ldapServer
	}

	l.LDAP = ldap.Config{
		ServerAddr:    ldapServer,
		SRVRecordName: getCfgVal(SRVRecordName),
		TLS: &tls.Config{
			ServerName:         host,
			MinVersion:         tls.VersionTLS12,
			NextProtos:         []string{"h2", "http/1.1"},

import java.util.TimeZone
import okhttp3.tls.HeldCertificate
import okhttp3.tls.decodeCertificatePem
import okhttp3.tls.internal.der.ObjectIdentifiers.BASIC_CONSTRAINTS
import okhttp3.tls.internal.der.ObjectIdentifiers.COMMON_NAME
import okhttp3.tls.internal.der.ObjectIdentifiers.ORGANIZATIONAL_UNIT_NAME
import okhttp3.tls.internal.der.ObjectIdentifiers.RSA_ENCRYPTION
import okhttp3.tls.internal.der.ObjectIdentifiers.SHA256_WITH_RSA_ENCRYPTION

@SuppressWarnings("module")
module okhttp3.tls {
  requires okhttp3;
  exports okhttp3.tls;

sasl_mechanism   (string)    sasl authentication mechanism, default 'plain'
tls_client_auth  (string)    clientAuth determines the Kafka server's policy for TLS client auth
sasl             (on|off)    set to 'on' to enable SASL authentication
tls              (on|off)    set to 'on' to enable TLS
tls_skip_verify  (on|off)    trust server TLS without verification, defaults to "on" (verify)
client_tls_cert  (path)      path to client certificate for mTLS auth

import okhttp3.internal.platform.android.ConscryptSocketAdapter
import okhttp3.internal.platform.android.DeferredSocketAdapter
import okhttp3.internal.tls.CertificateChainCleaner
import okhttp3.internal.tls.TrustRootIndex

/** Android 10+ (API 29+). */
@SuppressSignatureCheck
class Android10Platform :
  Platform(),
  ContextAwarePlatform {
  override var applicationContext: Context? = null

import okhttp3.internal.platform.Platform
import org.conscrypt.Conscrypt

// TLS 1.3
private val TLS13_CIPHER_SUITES =
  listOf(
    CipherSuite.TLS_AES_128_GCM_SHA256,
    CipherSuite.TLS_AES_256_GCM_SHA384,
    CipherSuite.TLS_CHACHA20_POLY1305_SHA256,
    CipherSuite.TLS_AES_128_CCM_SHA256,
    CipherSuite.TLS_AES_128_CCM_8_SHA256,
  )

/**
 * A TLS 1.3 only Connection Spec. This will be eventually be exposed

import assertk.assertions.isEqualTo
import java.security.cert.Certificate
import javax.net.ssl.SSLPeerUnverifiedException
import kotlin.test.assertFailsWith
import okhttp3.internal.tls.CertificateChainCleaner.Companion.get
import okhttp3.tls.HandshakeCertificates
import okhttp3.tls.HeldCertificate
import org.junit.jupiter.api.Test

class CertificateChainCleanerTest {
  @Test
  fun equalsFromCertificate() {
    val rootA =
      HeldCertificate

			Optional:    true,
			Type:        "string",
		},
		config.HelpKV{
			Key:         KafkaSASL,
			Description: "set to 'on' to enable SASL authentication",
			Optional:    true,
			Type:        "on|off",
		},
		config.HelpKV{
			Key:         KafkaTLS,
			Description: "set to 'on' to enable TLS",
			Optional:    true,
			Type:        "on|off",

pkg crypto/tls, const QUICErrorEvent = 10 #75108
pkg crypto/tls, const QUICErrorEvent QUICEventKind #75108
pkg crypto/tls, const SecP256r1MLKEM768 = 4587 #71206
pkg crypto/tls, const SecP256r1MLKEM768 CurveID #71206
pkg crypto/tls, const SecP384r1MLKEM1024 = 4589 #71206
pkg crypto/tls, const SecP384r1MLKEM1024 CurveID #71206
pkg crypto/tls, type ClientHelloInfo struct, HelloRetryRequest bool #74425

import okhttp3.internal.platform.android.DeferredSocketAdapter
import okhttp3.internal.platform.android.StandardAndroidSocketAdapter
import okhttp3.internal.tls.BasicTrustRootIndex
import okhttp3.internal.tls.CertificateChainCleaner
import okhttp3.internal.tls.TrustRootIndex

/** Android 5 to 9 (API 21 to 28). */
@SuppressSignatureCheck
class AndroidPlatform :
  Platform(),
  ContextAwarePlatform {