* limitations under the License.
 */
package okhttp3.survey

import okhttp3.survey.types.Client
import okhttp3.survey.types.SuiteId

/**
 * Organizes information on SSL cipher suite inclusion and precedence for this spreadsheet.
 * https://docs.google.com/spreadsheets/d/1C3FdZSlCBq_-qrVwG1KDIzNIB3Hyg_rKAcgmSzOsHyQ/edit#gid=0
 */
class CipherSuiteSurvey(
  val clients: List<Client>,

            "trustStore is",
            "Reload the trust store",
            "Reload trust certs",
            "Reloaded",
            "adding as trusted certificates",
            "Ignore disabled cipher suite",
            "Ignore unsupported cipher suite",
          ).joinToString(separator = "|"),
        )
        append(").*")
      },
    )

  private val testLogHandler =
    object : Handler() {

  val survey = CipherSuiteSurvey(clients = clients, ianaSuites = ianaSuitesNew, orderBy = orderBy)

  survey.printGoogleSheet()
}

fun rest(clients: List<Client>): List<SuiteId> {
  // combine all ciphers to get these near the top
  return clients.flatMap { it.enabled }

    // sslSocket.enabledCipherSuites
    // 2) OkHttp Client - based on MODERN_TLS source code ordering
    // 3) Caller specified but assuming the visible defaults in MODERN_CIPHER_SUITES are rejigged
    // to match legacy i.e. the platform/provider
    //
    // Opting for 2 here and keeping MODERN_TLS in line with secure browsers.

    private byte[] type1Bytes;

    private byte[] signKey;
    private byte[] verifyKey;
    private byte[] sealClientKey;
    private byte[] sealServerKey;

    private Cipher sealClientHandle;
    private Cipher sealServerHandle;


    /**
     * @param tc
     *            context to use
     * @param auth
     *            credentials
     * @param doSigning

ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group14-sha1
diffie-hellman-group1-sha1
```

`--sftp=cipher-algos=...` specifies the allowed cipher algorithms. 
If unspecified then a sensible default is used.

Valid values: 
```
aes128-ctr
aes192-ctr
aes256-ctr
******@****.***
******@****.***

                        etype: eTYPE-ARCFOUR-HMAC-MD5 (23)
                        kvno: 5
                        cipher: 508c1fb7944c336ead0edf4536ba1ecf7102923d9dc9e0ab1d5c73d0d3bb4ca6a1120cdd…
                authenticator
                    etype: eTYPE-ARCFOUR-HMAC-MD5 (23)
                    cipher: e24ff60648505a37d583d77e20a845158b7cfe8c652ab16d0eeeb4c8700370e5d640bbdd…

         */

import org.dbflute.bhv.core.supplement.SequenceCacheHandler;
import org.dbflute.bhv.exception.BehaviorExceptionThrower;
import org.dbflute.bhv.exception.SQLExceptionHandlerFactory;
import org.dbflute.cbean.cipher.GearedCipherManager;
import org.dbflute.cbean.sqlclause.SqlClauseCreator;
import org.dbflute.dbmeta.DBMetaProvider;
import org.dbflute.dbway.DBDef;
import org.dbflute.jdbc.SQLExceptionDigger;

and clients to TLS 1.2. The default can be reverted to TLS 1.0 using the
[`tls10server` setting](/pkg/crypto/tls/#Config).

Go 1.22 changed the default TLS cipher suites used by clients and servers when
not explicitly configured, removing the cipher suites which used RSA based key
exchange. The default can be reverted using the [`tlsrsakex` setting](/pkg/crypto/tls/#Config).

Go 1.22 disabled

package jcifs.ntlmssp;


import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.LinkedList;
import java.util.List;

import javax.crypto.Cipher;

import jcifs.CIFSContext;
import jcifs.CIFSException;
import jcifs.SmbConstants;
import jcifs.ntlmssp.av.AvFlags;
import jcifs.ntlmssp.av.AvPair;
import jcifs.ntlmssp.av.AvPairs;