val call1 = localClient.newCall(Request(server.url("/")))

    call1.execute().use { response ->
      assertThat(response.body.string()).isEqualTo("Req1")
      assertThat(response.handshake).isNotNull()
      assertThat(response.protocol == Protocol.HTTP_1_1)
    }

    eventListener.closed = true

    val call2 = localClient.newCall(Request(server.url("/")))

### Go 1.22

Go 1.22 adds a configurable limit to control the maximum acceptable RSA key size
that can be used in TLS handshakes, controlled by the [`tlsmaxrsasize` setting](/pkg/crypto/tls#Conn.Handshake).
The default is tlsmaxrsasize=8192, limiting RSA to 8192-bit keys. To avoid
denial of service attacks, this setting and default was backported to Go
1.19.13, Go 1.20.8, and Go 1.21.1.

    // Read error: ssl=0x7fd1d8d0fee8: Failure in SSL library, usually a protocol error
    if (!platform.isConscrypt()) {
      assertThat(event.exception).hasMessage("Unexpected handshake message: client_hello")
    }
  }

  @Test
  @Throws(IOException::class)
  fun multipleConnectsForSingleCall() {
    enableTls()
    server!!.enqueue(MockResponse.Builder().failHandshake().build())

     *
     * @return the dialectIndex
     */
    public int getDialectIndex() {
        return this.dialectIndex;
    }

    /**
     * Returns the server capabilities negotiated during the SMB handshake.
     *
     * @return the negotiated capabilities
     */
    public int getNegotiatedCapabilities() {
        return this.capabilities;
    }

    /**
     * Gets the negotiated send buffer size.

   */
  open fun configureTlsExtensions(
    sslSocket: SSLSocket,
    hostname: String?,
    protocols: List<@JvmSuppressWildcards Protocol>,
  ) {
  }

  /** Called after the TLS handshake to release resources allocated by [configureTlsExtensions]. */
  open fun afterHandshake(sslSocket: SSLSocket) {
  }

  /** Returns the negotiated protocol, or null if no protocol was negotiated. */

```
export MINIO_KMS_KES_KEY_PASSWORD=<your-password>
```

Note that MinIO only supports encrypted private keys - not encrypted certificates.
Certificates are no secrets and sent in plaintext as part of the TLS handshake.

## Explore Further

- [Use `mc` with MinIO Server](https://docs.min.io/community/minio-object-store/reference/minio-mc.html)

    @Test
    void testService_NtlmAuth_Failure() throws Exception {
        ntlmServlet.init(servletConfig);
        setupMocksForAuth();

        // Return null from NtlmSsp.authenticate to simulate initial NTLM handshake
        try (MockedStatic<NtlmSsp> ntlmSspMock = Mockito.mockStatic(NtlmSsp.class)) {
            ntlmSspMock.when(() -> NtlmSsp.authenticate(any(), any(), any(), any())).thenReturn(null);

) {
  /**
   * Confirms that at least one of the certificates pinned for `hostname` is in `peerCertificates`.
   * Does nothing if there are no certificates pinned for `hostname`. OkHttp calls this after a
   * successful TLS handshake, but before the connection is used.
   *
   * @throws SSLPeerUnverifiedException if `peerCertificates` don't match the certificates pinned
   *     for `hostname`.
   */
  @Throws(SSLPeerUnverifiedException::class)

	public final fun getBody ()Lokio/Buffer;
	public final fun getBodySize ()J
	public final fun getChunkSizes ()Ljava/util/List;
	public final fun getFailure ()Ljava/io/IOException;
	public final fun getHandshake ()Lokhttp3/Handshake;
	public final fun getHeader (Ljava/lang/String;)Ljava/lang/String;
	public final fun getHeaders ()Lokhttp3/Headers;
	public final fun getMethod ()Ljava/lang/String;
	public final fun getPath ()Ljava/lang/String;

    assertThat(secureStart.call).isSameAs(call)
    val secureEnd = listener.removeUpToEvent<SecureConnectEnd>()
    assertThat(secureEnd.call).isSameAs(call)
    assertThat(secureEnd.handshake).isNotNull()
  }

  @Test
  fun failedSecureConnect() {
    enableTlsWithTunnel()
    server.enqueue(
      MockResponse
        .Builder()
        .failHandshake()
        .build(),