t.Errorf("connection handshake terminated with error %q, want alertBadCertificate", err)
	}
	var e *CertificateVerificationError
	if !errors.As(err, &e) {
		t.Errorf("connection handshake terminated with error %q, want CertificateVerificationError", err)
	}
}

// Test that QUICConn.ConnectionState can be used during the handshake,

    }

  fun assertHandshake() =
    apply {
      val handshake = response!!.handshake!!
      assertThat(handshake.tlsVersion).isNotNull()
      assertThat(handshake.cipherSuite).isNotNull()
      assertThat(handshake.peerPrincipal).isNotNull()
      assertThat(handshake.peerCertificates.size).isEqualTo(1)
      assertThat(handshake.localPrincipal).isNull()
      assertThat(handshake.localCertificates.size).isEqualTo(0)
    }

  /**

import java.util.concurrent.Executors
import java.util.concurrent.Future
import javax.net.ServerSocketFactory
import javax.net.SocketFactory
import javax.net.ssl.SSLSocket
import okhttp3.Handshake
import okhttp3.Handshake.Companion.handshake
import okhttp3.TestUtil.threadFactory
import okhttp3.internal.closeQuietly
import okhttp3.testing.PlatformRule
import okio.ByteString.Companion.toByteString
import org.junit.jupiter.api.AfterEach

    open fun code(code: Int) = commonCode(code)

    open fun message(message: String) = commonMessage(message)

    open fun handshake(handshake: Handshake?) =
      apply {
        this.handshake = handshake
      }

    /**
     * Sets the header named [name] to [value]. If this request already has any headers
     * with that name, they are all replaced.
     */

	go func() {
		tlsConn := Client(client, config)
		if err := tlsConn.Handshake(); err != nil {
			t.Errorf("Error from client handshake: %v", err)
			return
		}
		tlsConn.vers = 0x1111
		tlsConn.Write([]byte{1})
	}()

	tlsConn := Server(server, config)
	if err := tlsConn.Handshake(); err != nil {
		t.Errorf("Error from client handshake: %v", err)
		return
	}

  println(Platform.get())
  val request =
    Request.Builder()
      .url(url)
      .build()
  try {
    client.newCall(request).execute().use { response ->
      val handshake = response.handshake
      println(
        "${handshake!!.tlsVersion} ${handshake.cipherSuite} ${response.protocol} " +
          "${response.code} ${response.body.bytes().size}b",
      )
    }
  } catch (ioe: IOException) {
    println(ioe)
  }
}

    @Override
    public int getContentLength () {
        handshake();
        return this.connection.getContentLength();
    }


    @Override
    public String getContentType () {
        handshake();
        return this.connection.getContentType();
    }


    @Override
    public String getContentEncoding () {
        handshake();
        return this.connection.getContentEncoding();
    }

    platform.assumeNotConscrypt()
    platform.assumeNotBouncyCastle()

    val client = makeClient(ConnectionSpec.RESTRICTED_TLS, TlsVersion.TLS_1_2)

    val handshake = makeRequest(client)

    assertThat(handshake.cipherSuite).isIn(*expectedModernTls12CipherSuites.toTypedArray())

    // Probably something like
    // TLS_AES_128_GCM_SHA256
    // TLS_AES_256_GCM_SHA384

	if err != nil {
		t.Fatalf("handshake failed: %s", err)
	}
	if state.DidResume {
		t.Fatalf("handshake resumed at a lower version")
	}

	// The client session cache now contains a TLS 1.2 session.
	state, _, err = testHandshake(t, clientConfig, serverConfig)
	if err != nil {
		t.Fatalf("handshake failed: %s", err)
	}
	if !state.DidResume {
		t.Fatalf("handshake did not resume at the same version")
	}

 * Client and server exchange these certificates during the handshake phase of a TLS connection.
 *
 * ### Server Authentication
 *
 * This is the most common form of TLS authentication: clients verify that servers are trusted and
 * that they own the hostnames that they represent. Server authentication is required.
 *
 * To perform server authentication:
 *
 *  * The server's handshake certificates must have a [held certificate][HeldCertificate] (a