override val timestampNs: Long,
    override val call: Call,
  ) : CallEvent()

  data class SecureConnectEnd(
    override val timestampNs: Long,
    override val call: Call,
    val handshake: Handshake?,
  ) : CallEvent() {
    override fun closes(event: CallEvent): Boolean = event is SecureConnectStart && call == event.call
  }

  data class ConnectionAcquired(
    override val timestampNs: Long,

    }

    @Test
    @DisplayName("Should create SpnegoException with message and cause")
    void testWithMessageAndCause() {
        // Given
        String message = "SPNEGO handshake error";
        RuntimeException cause = new RuntimeException("root cause");

        // When
        SpnegoException ex = new SpnegoException(message, cause);

        // Then
        assertNotNull(ex);

    application code that creates challenges.

 *  New: The `TlsVersion` of a `Handshake` is now non-null. If you are calling
    `Handshake.get()` with a null TLS version, you must instead now provide a
    non-null `TlsVersion`. Cache responses persisted prior to OkHttp 3.0 did not
    store a TLS version; for these unknown values the handshake is defaulted to
    `TlsVersion.SSL_3_0`.

 *  New: Upgrade to Okio 1.13.0.

HSPLokhttp3/EventListener;->secureConnectEnd(Lokhttp3/Call;Lokhttp3/Handshake;)V
HSPLokhttp3/EventListener;->secureConnectStart(Lokhttp3/Call;)V
HSPLokhttp3/Handshake$Companion$handshake$1;-><init>(Ljava/util/List;)V
HSPLokhttp3/Handshake$peerCertificates$2;-><init>(Lkotlin/jvm/functions/Function0;)V
HSPLokhttp3/Handshake;-><init>(Lokhttp3/TlsVersion;Lokhttp3/CipherSuite;Ljava/util/List;Lkotlin/jvm/functions/Function0;)V

import javax.net.ssl.SSLPeerUnverifiedException

/**
 * A certificate chain cleaner that uses a set of trusted root certificates to build the trusted
 * chain. This class duplicates the clean chain building performed during the TLS handshake. We
 * prefer other mechanisms where they exist, such as with
 * [okhttp3.internal.platform.AndroidPlatform.AndroidCertificateChainCleaner].
 *
 * This class includes code from [Conscrypt's][Conscrypt] [TrustManagerImpl] and

	public fun responseHeadersStart (Lokhttp3/Call;)V
	public fun satisfactionFailure (Lokhttp3/Call;Lokhttp3/Response;)V
	public fun secureConnectEnd (Lokhttp3/Call;Lokhttp3/Handshake;)V
	public fun secureConnectStart (Lokhttp3/Call;)V
}

public final class okhttp3/logging/LoggingEventListener$Companion {
}

    if (!platform.isBouncyCastle()) {
      assertThat(recordedRequest.handshakeServerNames).containsExactly(url.host)
    }
  }

  /**
   * Use different hostnames for the TLS handshake (including SNI) and the HTTP request (in the
   * Host header).
   */
  @Test
  fun domainFronting() {
    val heldCertificate =
      HeldCertificate
        .Builder()
        .commonName("server name")

```
export MINIO_KMS_KES_KEY_PASSWORD=<your-password>
```

Note that MinIO only supports encrypted private keys - not encrypted certificates.
Certificates are no secrets and sent in plaintext as part of the TLS handshake.

## Explore Further

- [Use `mc` with MinIO Server](https://docs.min.io/community/minio-object-store/reference/minio-mc.html)

   */
  open fun configureTlsExtensions(
    sslSocket: SSLSocket,
    hostname: String?,
    protocols: List<@JvmSuppressWildcards Protocol>,
  ) {
  }

  /** Called after the TLS handshake to release resources allocated by [configureTlsExtensions]. */
  open fun afterHandshake(sslSocket: SSLSocket) {
  }

  /** Returns the negotiated protocol, or null if no protocol was negotiated. */

      // No cached response.
      if (cacheResponse == null) {
        return CacheStrategy(request, null)
      }

      // Drop the cached response if it's missing a required handshake.
      if (request.isHttps && cacheResponse.handshake == null) {
        return CacheStrategy(request, null)
      }

      // If this response shouldn't have been stored, it should never be used as a response source.