}
      }

      val certificatePinner = address.certificatePinner!!

      val handshake =
        Handshake(
          unverifiedHandshake.tlsVersion,
          unverifiedHandshake.cipherSuite,
          unverifiedHandshake.localCertificates,
        ) {
          certificatePinner.certificateChainCleaner!!.clean(
            unverifiedHandshake.peerCertificates,
            address.url.host,

    val request = server.takeRequest()
    assertThat(request.url.scheme).isEqualTo("https")
    val handshake = request.handshake
    assertThat(handshake!!.tlsVersion).isNotNull()
    assertThat(handshake.cipherSuite).isNotNull()
    assertThat(handshake.localPrincipal).isNotNull()
    assertThat(handshake.localCertificates.size).isEqualTo(1)
    assertThat(handshake.peerPrincipal).isNull()

    extensions.configure<JavaPluginExtension> {
      toolchain {
        languageVersion.set(JavaLanguageVersion.of(17))
      }
    }
  }

  tasks.withType<Checkstyle>().configureEach {
    exclude("**/CipherSuite.java")
  }

  val checkstyleConfig: Configuration by configurations.creating
  dependencies {
    checkstyleConfig(rootProject.libs.checkStyle) {
      isTransitive = false
    }
  }

    consequences. Regardless, please exercise your `OkUrlFactory` and
    `HttpURLConnection` code when applying this update.

 *  **Cipher suites may now have arbitrary names.** Previously `CipherSuite` was
    a Java enum and it was impossible to define new cipher suites without first
    upgrading OkHttp. With this change it is now a regular Java class with

pkg crypto/tls, type CertificateRequestInfo struct, Version uint16
pkg crypto/tls, type CipherSuite struct
pkg crypto/tls, type CipherSuite struct, ID uint16
pkg crypto/tls, type CipherSuite struct, Insecure bool
pkg crypto/tls, type CipherSuite struct, Name string
pkg crypto/tls, type CipherSuite struct, SupportedVersions []uint16
pkg debug/dwarf, const AttrAddrBase = 115
pkg debug/dwarf, const AttrAddrBase Attr

  Client(
    userAgent = "OkHttp",
    version = OkHttp.VERSION,
    enabled =
      ConnectionSpec.MODERN_TLS.cipherSuites!!.map {
        ianaSuites.fromJavaName(it.javaName)
      },
    supported =
      ConnectionSpec.COMPATIBLE_TLS.cipherSuites!!.map {
        ianaSuites.fromJavaName(it.javaName)
      },
  )

fun historicOkHttp(version: String): Client {
  val enabled =

		tlsConfig.ClientAuth = tls.RequestClientCert
	}

	if secureCiphers := env.Get(api.EnvAPISecureCiphers, config.EnableOn) == config.EnableOn; secureCiphers {
		tlsConfig.CipherSuites = crypto.TLSCiphers()
	} else {
		tlsConfig.CipherSuites = crypto.TLSCiphersBackwardCompatible()
	}
	tlsConfig.CurvePreferences = crypto.TLSCurveIDs()
	return tlsConfig
}

/////////// Types and functions for OpenID IAM testing

			newCachedAuthToken(),
			&tls.Config{
				RootCAs:          globalRootCAs,
				CipherSuites:     crypto.TLSCiphers(),
				CurvePreferences: crypto.TLSCurveIDs(),
			}),
		Local:        local,
		Hosts:        hosts,
		AuthToken:    validateStorageRequestToken,
		AuthFn:       newCachedAuthToken(),

            return
          }

          // https://timothybasanov.com/2016/05/26/java-pre-master-secret.html
          // https://security.stackexchange.com/questions/35639/decrypting-tls-in-wireshark-when-using-dhe-rsa-ciphersuites
          // https://stackoverflow.com/questions/36240279/how-do-i-extract-the-pre-master-secret-using-an-openssl-based-client

          // TLSv1.2 Events
          // Produced ClientHello handshake message

Go 1.23 changed the default TLS cipher suites used by clients and servers when
not explicitly configured, removing 3DES cipher suites. The default can be reverted
using the [`tls3des` setting](/pkg/crypto/tls/#Config.CipherSuites).

Go 1.23 changed the behavior of [`tls.X509KeyPair`](/pkg/crypto/tls#X509KeyPair)
and [`tls.LoadX509KeyPair`](/pkg/crypto/tls#LoadX509KeyPair) to populate the