// MODERN_TLS is used here.
    val attempt0 =
      routePlanner
        .planConnectToRoute(route)
        .planWithCurrentOrInitialConnectionSpec(connectionSpecs, socket)
    assertThat(attempt0.isTlsFallback).isFalse()
    connectionSpecs[attempt0.connectionSpecIndex].apply(socket, attempt0.isTlsFallback)
    assertEnabledProtocols(socket, TlsVersion.TLS_1_2)
    val attempt1 = attempt0.nextConnectionSpec(connectionSpecs, socket)

	}
	return time.Unix(0, x.versions[0].header.ModTime)
}

func (x *xlMetaV2) addVersion(ver xlMetaV2Version) error {
	modTime := ver.getModTime().UnixNano()
	if !ver.Valid() {
		return errors.New("attempted to add invalid version")
	}
	encoded, err := ver.MarshalMsg(nil)
	if err != nil {
		return err
	}

	// returns error if we have exceeded configured object max versions

	var uploadID string
	attempts := 1
	for attempts <= 3 {
		nctx, cancel := context.WithTimeout(ctx, time.Minute)
		uploadID, err = c.NewMultipartUpload(nctx, bucket, object, opts)
		cancel()
		if err == nil {
			break
		}
		if minio.ToErrorResponse(err).Code == "PreconditionFailed" {
			return nil
		}
		attempts++
		time.Sleep(time.Duration(rand.Int63n(int64(time.Second))))

 *
 *  3. Attempt plans from prior connect attempts for this call. These occur as either follow-ups to
 *     failed connect attempts (such as trying the next [ConnectionSpec]), or as attempts that lost
 *     a race in fast follow-up.
 *
 *  4. If there's no existing connection, make a list of routes (which may require blocking DNS

    }

    /**
     * Create rate limiter with custom settings
     *
     * @param maxAttemptsPerAccount max failed attempts per account before lockout
     * @param maxAttemptsPerIp max attempts from single IP
     * @param maxGlobalAttemptsPerMinute max global attempts per minute
     * @param lockoutDuration duration to lock out account/IP
     * @param cleanupInterval interval for cleaning up old entries
     */

                    originalCause));
        }

        return CompletableFuture.supplyAsync(() -> {
            try {
                // Wait before retry (except first attempt)
                if (attempt > 0) {
                    long delay = retryDelay * (1L << attempt); // Exponential backoff

The kubelet ensures any image requiring credential verification is always pulled if authentication information from an image pull is not yet present, thus enforcing authentication / re-authentication. This means an image pull might be attempted even in cases where a pod requests the `IfNotPresent` image pull policy, and might lead to the pod not starting if its pull policy is `Never` and is unable to present authentication information that led to a previous successful pull of the image...

            } catch (Exception recoveryError) {
                log.warn("RDMA recovery attempt {} failed: {}", retryCount, recoveryError.getMessage());

                // If this was the last attempt, log the full error
                if (retryCount >= maxRetries) {
                    log.error("All RDMA recovery attempts failed", recoveryError);
                }
            }
        }

    @BeforeEach
    public void setUp() {
        // Create rate limiter with test-friendly settings
        rateLimiter = new AuthenticationRateLimiter(3, // max attempts per account
                5, // max attempts per IP
                20, // max global attempts per minute
                Duration.ofSeconds(2), // short lockout for testing
                Duration.ofMinutes(1) // cleanup interval
        );
    }

 * or both.
 *
 * ## Authentication Retries
 *
 * If your authentication may be flaky and requires retries you should apply some policy
 * to limit the retries by the class of errors and number of attempts.  To get the number of
 * attempts to the current point use this function.
 *
 * ```java
 * private int responseCount(Response response) {
 *   int result = 1;
 *   while ((response = response.priorResponse()) != null) {