// LTYPEX spec10	{ outcode(int($1), &$2); }
	PINSRD	$1, (AX), X0
	PINSRD	$2, foo+4(FP), X0

// Was bug: LOOP is a branch instruction.
	JCS	2(PC)
loop:
	LOOP	loop // LOOP

// Tests for TLS reference.
	MOVL    (TLS), AX
	MOVL    8(TLS), DX

// LTYPE0 nonnon	{ outcode(int($1), &$2); }
	RET

pkg bufio, var ErrFinalToken error
pkg crypto/tls, const TLS_RSA_WITH_AES_128_GCM_SHA256 = 156
pkg crypto/tls, const TLS_RSA_WITH_AES_128_GCM_SHA256 uint16
pkg crypto/tls, const TLS_RSA_WITH_AES_256_GCM_SHA384 = 157
pkg crypto/tls, const TLS_RSA_WITH_AES_256_GCM_SHA384 uint16
pkg crypto/tls, method (RecordHeaderError) Error() string
pkg crypto/tls, type RecordHeaderError struct
pkg crypto/tls, type RecordHeaderError struct, Msg string

import java.io.IOException;
import java.security.cert.X509Certificate;
import okhttp3.Headers;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.tls.Certificates;
import okhttp3.tls.HandshakeCertificates;

public final class CustomTrust {
  // PEM files for root certificates of Comodo and Entrust. These two CAs are sufficient to view

TLS Configuration History
=========================

OkHttp tracks the dynamic TLS ecosystem to balance connectivity and security. This page is a log of
changes we've made over time to OkHttp's default TLS options.

[OkHttp 3.14][OkHttp314]
------------------------

_2019-03-14_

Remove 2 TLSv1.3 cipher suites that are neither available on OkHttp’s host platforms nor enabled in releases of Chrome and Firefox.

##### RESTRICTED_TLS cipher suites

import okhttp3.HttpUrl.Companion.toHttpUrl
import okhttp3.OkHttpClientTestRule
import okhttp3.Request
import okhttp3.testing.PlatformRule
import okhttp3.tls.HandshakeCertificates
import okhttp3.tls.HeldCertificate
import okhttp3.tls.internal.TlsUtil.localhost
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.RegisterExtension

class MockResponseSniTest {
  @RegisterExtension

pkg crypto/tls, const TLS_AES_128_GCM_SHA256 = 4865
pkg crypto/tls, const TLS_AES_128_GCM_SHA256 uint16
pkg crypto/tls, const TLS_AES_256_GCM_SHA384 = 4866
pkg crypto/tls, const TLS_AES_256_GCM_SHA384 uint16
pkg crypto/tls, const TLS_CHACHA20_POLY1305_SHA256 = 4867
pkg crypto/tls, const TLS_CHACHA20_POLY1305_SHA256 uint16
pkg crypto/tls, const VersionTLS13 = 772
pkg crypto/tls, const VersionTLS13 ideal-int

    when {
      matchesSocket(sslSocket) -> Conscrypt.getApplicationProtocol(sslSocket)
      else -> null // No TLS extensions if the socket class is custom.
    }

  override fun configureTlsExtensions(
    sslSocket: SSLSocket,
    hostname: String?,
    protocols: List<Protocol>,
  ) {
    // No TLS extensions if the socket class is custom.
    if (matchesSocket(sslSocket)) {
      // Enable session tickets.

   */
  public val exchangeIndex: Int,
  /**
   * The TLS handshake of the connection that carried this request, or null if the request was
   * received without TLS.
   */
  public val handshake: Handshake?,
  /**
   * Returns the name of the server the client requested via the SNI (Server Name Indication)
   * attribute in the TLS handshake. Unlike the rest of the HTTP exchange, this name is sent in

tls_client_auth  (string)    clientAuth determines the Kafka server's policy for TLS client auth
sasl             (on|off)    set to 'on' to enable SASL authentication
tls              (on|off)    set to 'on' to enable TLS
tls_skip_verify  (on|off)    trust server TLS without verification, defaults to "on" (verify)
client_tls_cert  (path)      path to client certificate for mTLS auth

  override fun configureTlsExtensions(
    sslSocket: SSLSocket,
    hostname: String?,
    protocols: List<Protocol>,
  ) {
    // No TLS extensions if the socket class is custom.
    if (matchesSocket(sslSocket)) {
      try {
        // Enable session tickets.
        setUseSessionTickets.invoke(sslSocket, true)

        // Assume platform support on 24+