*  New: Buffer WebSocket frames for better performance.
 *  New: Drop support for `TLS_DHE_DSS_WITH_AES_128_CBC_SHA`, our only remaining
    DSS cipher suite. This is consistent with Firefox and Chrome which have also
    dropped these cipher suite.

## Version 2.5.0

_2015-08-25_

 *  **Timeouts now default to 10 seconds.** Previously we defaulted to never

        value = "password=b";
        expect = "password={cipher}5691346cc398a4450114883140fa84a7";
        assertEquals(expect, ParameterUtil.encrypt(value));

        value = "aaa.password=b\naaa=c\nccc.key=d";
        expect = "aaa.password={cipher}5691346cc398a4450114883140fa84a7\n" + "aaa=c\n" + "ccc.key={cipher}bf66204f1a59036869a684d61d337bd4";
        assertEquals(expect, ParameterUtil.encrypt(value));

  public CustomCipherSuites() throws GeneralSecurityException {
    // Configure cipher suites to demonstrate how to customize which cipher suites will be used for
    // an OkHttp request. In order to be selected a cipher suite must be included in both OkHttp's
    // connection spec and in the SSLSocket's enabled cipher suites array. Most applications should
    // not customize the cipher suites list.
    List<CipherSuite> customCipherSuites = asList(

    
    public void saveEncrypted(HandleInfo handle, Path file) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, encryptionKey);
        
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        try (CipherOutputStream cos = new CipherOutputStream(baos, cipher);
             ObjectOutputStream oos = new ObjectOutputStream(cos)) {

    private byte[] type1Bytes;

    private byte[] signKey;
    private byte[] verifyKey;
    private byte[] sealClientKey;
    private byte[] sealServerKey;

    private Cipher sealClientHandle;
    private Cipher sealServerHandle;

    /**
     * Creates a new NTLM security context with the specified parameters.
     * @param tc
     *            context to use
     * @param auth

     * The user ID is encrypted using the primary cipher and validated against the configuration.
     *
     * @param userCode the raw user ID to encrypt
     * @return the encrypted and validated user code, or null if invalid
     */
    protected String createUserCodeFromUserId(String userCode) {
        final FessConfig fessConfig = ComponentUtil.getFessConfig();
        final PrimaryCipher cipher = ComponentUtil.getPrimaryCipher();

            return false;
        }

        boolean valid = false;
        for (final int cipher : rec.getCiphers()) {
            if (cipher == ec.getCiphers()[0]) {
                valid = true;
            }
        }
        if (!valid) {
            log.error("Server returned invalid cipher selection");
            return false;
        }
        return true;
    }

    /**

                        /* RC4 was not added to Java until 1.5u7 so let's use our own for a little while longer ...
                        try {
                            Cipher rc4 = Cipher.getInstance("RC4");
                            rc4.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(ntlm2SessionKey, "RC4"));
                            rc4.update(masterKey, 0, 16, exchangedKey, 0);

ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group14-sha1
diffie-hellman-group1-sha1
```

`--sftp=cipher-algos=...` specifies the allowed cipher algorithms. 
If unspecified then a sensible default is used.

Valid values: 
```
aes128-ctr
aes192-ctr
aes256-ctr
******@****.***
******@****.***

        final DialectVersion dialect = resp.getSelectedDialect();
        int cipherId = -1;

        if (dialect.atLeast(DialectVersion.SMB311)) {
            cipherId = resp.getSelectedCipher();
            if (cipherId == -1) {
                // Default to AES-128-GCM for SMB 3.1.1 if no cipher negotiated
                cipherId = EncryptionNegotiateContext.CIPHER_AES128_GCM;
            }