SSLContext.getInstance("TLS")
      else ->
        try {
          // Based on SSLSocket.getApplicationProtocol check we should
          // have TLSv1.3 if we request it.
          // See https://www.oracle.com/java/technologies/javase/8u261-relnotes.html
          SSLContext.getInstance("TLSv1.3")
        } catch (nsae: NoSuchAlgorithmException) {
          SSLContext.getInstance("TLS")
        }
    }

  companion object {

    org.openjsse.net.ssl
      .OpenJSSE()

  // Selects TLSv1.3 so we are specific about our intended version ranges (not just 1.3)
  // and because it's a common pattern for VMs to have differences between supported and
  // defaulted versions for TLS based on what is requested.
  override fun newSSLContext(): SSLContext = SSLContext.getInstance("TLSv1.3", provider)

  override fun platformTrustManager(): X509TrustManager {

    client.newCall(request).execute().use {
      assertThat(it.protocol).isEqualTo(Protocol.HTTP_2)
      if (it.handshake!!.tlsVersion != TlsVersion.TLS_1_3) {
        System.err.println("Flaky TLSv1.3 with google")
//    assertThat(it.handshake()!!.tlsVersion).isEqualTo(TlsVersion.TLS_1_3)
      }
    }
  }

  @Test
  fun testIfSupported() {
    assertThat(PlatformRule.isCorrettoSupported).isTrue()

  private val provider: Provider = Conscrypt.newProvider()

  // See release notes https://groups.google.com/forum/#!forum/conscrypt
  // for version differences
  override fun newSSLContext(): SSLContext =
    // supports TLSv1.3 by default (version api is >= 1.4.0)
    SSLContext.getInstance("TLS", provider)

  override fun platformTrustManager(): X509TrustManager {
    val trustManagers =
      TrustManagerFactory

    client.newCall(request).execute().use {
      assertThat(it.protocol).isEqualTo(Protocol.HTTP_2)
      if (it.handshake!!.tlsVersion != TlsVersion.TLS_1_3) {
        System.err.println("Flaky TLSv1.3 with google")
//    assertThat(it.handshake()!!.tlsVersion).isEqualTo(TlsVersion.TLS_1_3)
      }
    }
  }

  @Test
  fun testBuildIfSupported() {
    val actual = ConscryptPlatform.buildIfSupported()

    commitment was originally through December 31, 2020; we have since extended it.)

 *  **TLSv1 and TLSv1.1 are no longer enabled by default.** Major web browsers are working towards
    removing these versions altogether in early 2020. If your servers aren't ready yet you can
    configure OkHttp 3.13 to allow TLSv1 and TLSv1.1 connections:

    ```
    OkHttpClient client = new OkHttpClient.Builder()

    header. This means OkHttp's cache shouldn't be used on middleboxes that sit
    between user agents and the origin server.

 *  **TLS configuration updated.** OkHttp now explicitly enables TLSv1.2,
    TLSv1.1 and TLSv1.0 where they are supported. It will continue to perform
    only one fallback, to SSLv3. Applications can now configure this with the
    `ConnectionSpec` class.

    To disable TLS fallback:

    val handshake = makeRequest(client)

    assertThat(handshake.cipherSuite).isIn(*expectedModernTls13CipherSuites.toTypedArray())

    // TODO: filter down to TLSv1.3 when only activated.
    // Probably something like
    // TLS_AES_128_GCM_SHA256
    // TLS_AES_256_GCM_SHA384
    // TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    // TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

     * Content-Length: 100
     * Cache-Control: max-age=600
     *
     * AES_256_WITH_MD5
     * 2
     * base64-encoded peerCertificate[0]
     * base64-encoded peerCertificate[1]
     * -1
     * TLSv1.2
     * ```
     *
     * The file is newline separated. The first two lines are the URL and the request method. Next
     * is the number of HTTP Vary request header lines, followed by those lines.
     *

    possible to implement decorators for cache encryption or compression.
 *  New: `Cookie.newBuilder()` to build upon an existing cookie.
 *  New: Use TLSv1.3 when running on JDK 8u261 or newer.
 *  New: `QueueDispatcher.clear()` may be used to reset a MockWebServer instance.
 *  New: `FileDescriptor.toRequestBody()` may be particularly useful for users of Android's Storage