<img src="/img/deployment/https/https01.drawio.svg">

### TLS-Handshake-Start

Der Browser kommuniziert dann mit dieser IP-Adresse über **Port 443** (den HTTPS-Port).

        "sha256/afwiKY3RxoMmLkuRW1l7QsPZTJPwDS2pdDROQjXw8ig=");

    @Override public Response intercept(Chain chain) throws IOException {
      for (Certificate certificate : chain.connection().handshake().peerCertificates()) {
        String pin = CertificatePinner.pin(certificate);
        if (denylist.contains(pin)) {
          throw new IOException("Denylisted peer certificate: " + pin);
        }
      }

    }

    @Test
    @DisplayName("Should create SpnegoException with message and cause")
    void testWithMessageAndCause() {
        // Given
        String message = "SPNEGO handshake error";
        RuntimeException cause = new RuntimeException("root cause");

        // When
        SpnegoException ex = new SpnegoException(message, cause);

        // Then
        assertNotNull(ex);

        .build()

    client.newCall(request).execute().use { response ->
      if (!response.isSuccessful) throw IOException("Unexpected code $response")

      for (certificate in response.handshake!!.peerCertificates) {
        println(CertificatePinner.pin(certificate))
      }
    }
  }
}

fun main() {
  CertificatePinning().run()

    application code that creates challenges.

 *  New: The `TlsVersion` of a `Handshake` is now non-null. If you are calling
    `Handshake.get()` with a null TLS version, you must instead now provide a
    non-null `TlsVersion`. Cache responses persisted prior to OkHttp 3.0 did not
    store a TLS version; for these unknown values the handshake is defaulted to
    `TlsVersion.SSL_3_0`.

 *  New: Upgrade to Okio 1.13.0.

        .build();

    try (Response response = client.newCall(request).execute()) {
      if (!response.isSuccessful()) throw new IOException("Unexpected code " + response);

      for (Certificate certificate : response.handshake().peerCertificates()) {
        System.out.println(CertificatePinner.pin(certificate));
      }
    }
  }

  public static void main(String... args) throws Exception {
    new CertificatePinning().run();
  }

<img src="/img/deployment/https/https01.drawio.svg">

### Início do Handshake TLS

O navegador então irá comunicar-se com esse endereço IP na **porta 443** (a porta HTTPS).

<img src="/img/deployment/https/https01.drawio.svg">

### Inicio del Handshake TLS

El navegador luego se comunicaría con esa dirección IP en el **puerto 443** (el puerto HTTPS).

    val cipherSuite = response1.handshake!!.cipherSuite
    val localCerts = response1.handshake!!.localCertificates
    val serverCerts = response1.handshake!!.peerCertificates
    val peerPrincipal = response1.handshake!!.peerPrincipal
    val localPrincipal = response1.handshake!!.localPrincipal
    val response2 = client.newCall(request).execute() // Cached!

    assertThat(cache.requestCount()).isEqualTo(2)
    assertThat(cache.networkCount()).isEqualTo(1)
    assertThat(cache.hitCount()).isEqualTo(1)

    assertThat(response.handshake!!.cipherSuite.javaName).startsWith("SLT_")
  }

  @Test
  fun truncatedMetadataEntry() {
    val response =
      testCorruptingCache {
        corruptMetadata {